The type and sophistication of ransomware attacks are constantly evolving to keep pace with new cybersecurity initiatives and technology. Every year, organizations are exposed to new, emerging attacks, causing severe compromise and damage. Ransomware encompasses everything from mass scale phishing campaigns to targeted attacks leveraging social engineering, remote desktop vulnerabilities and multi-stage attacks using various malware to deliver the final package.
Twenty percent of organizations surveyed in our 2020 Security Study indicated they were affected by ransomware in 2019. Even more concerning, a whopping 81 percent of organizations who suffered a ransomware attack were subject to a repeat attack after recovery. For many companies, restoring to a trusted state is extremely difficult and leaves them vulnerable to repeat attacks. To get back to a trusted state, companies need to incorporate adequate network visibility and continuous log monitoring to pinpoint when the ransomware was first deployed and determine the affected systems.
An organization’s size and complexity can also leave them more vulnerable to ransomware attacks, as attackers only require one vulnerable device in order to infiltrate the entire network. Our recent study showed organizations that fell victim to ransomwares had larger than average attack surfaces, including 37 percent more servers and 20 percent more PCs. To make matters worse, 67 percent of ransomware attack victims lost access to their data. Employees who use non-corporate or ‘bring-your-own’ devices are also especially vulnerable, as these devices often aren’t properly protected.
As stiffer penalties and fines are built into privacy and compliance regulations, organizations are adopting cyber insurance policies to help protect against the repercussions of security incidents. However, many attackers view companies with cyber insurance as an easy pay day. This may seem counterintuitive, but many companies are quick to pay out an attacker because they believe it is the most cost-effective approach to retrieving customer data.
Ransomware remains a serious threat but there are many ways for organizations to arm themselves against these types of attacks. Being aware of who and what is on your network and putting the proper controls in place to monitor the actions being taken is a great first step. If your organization has a bring-your-own-device (BYOD) policy, it’s important to update employee security policies and educate employees about proper security measures (password updates, etc.) to ensure these devices are protected.
To reduce the cost of a breach, organizations can look to reduce the amount of time they spend recovering back to a trusted state. Developing a comprehensive recovery plan that includes metrics for recovery time objectives and recover point objectives is crucial, as well as actively rehearsing recovery situations and measure your organization’s response to attacks.
For more information, the full 2020 Security Study can be found here.