Ransomware Attacks Survey: 1 in 5 companies fall victim

A staggering 21% of respondents answered ‘Yes’ to the question ‘Has your organisation been the victim of a ransomware attack to date?’  While this may seem high, it is consistent with data collected in our previous survey about email security, where we found that 1 in every 4 companies had suffered an email security breach. The findings confirm the high incidence of ransomware, making it one of the most common – and most effective – forms of cybercrime. Being a victim of ransomware can be devastating. The average downtime a company experiences after a ransomware attack is 21 days, and while the cost of that downtime alone can be fatal for many companies, that is without taking into consideration the cost of data recovery, the payment of the ransom, and long-term brand damage. And the cost of the ransom is certainly not insignificant, with the average amount that companies were forced to pay in 2020 coming in at $170,404. The next obvious question is, of these ransomware victims, how many ended up paying the ransom to recover their data and begin operating again?

According to the survey, 9.2% of those companies that fell victim to a ransomware attack were left with no choice but to pay the ransom to recover their data. This statistic reveals that with the right awareness and protective measures, paying the ransom need not be the only option. Over 90% of our respondents said that although they were attacked, they were able to recover their data from backup. That said, a few noted that while they were able to recover their data without having to pay the ransom, they still ended up losing files in the process, so they did not quite escape unscathed. This further highlights an essential point when it comes to ransomware protection – prevention is better (and significantly cheaper) than cure.

The main aim of most ransomware attacks is to encrypt essential data that makes it impossible for a company to operate. Our survey findings support this. We found that 60.3% of reported ransomware attacks affected server infrastructure and network storage. Network storage is normally used to store sensitive data which can be shared between multiple users simultaneously, and is utilised in nearly every company. Without access to this shared data, many organizations can be left stranded and unable to operate. It is therefore clear that having malware protection present at all levels of the organization is essential, particularly on end-points that have easy access to servers and network storage. This is especially true for companies with employees who work remotely and rely on access to network storage via VPN, as local storage is not an option.

Backups are the lifeblood of any anti-ransomware strategy. If a shared drive is encrypted by malware, an IT team can recover the data from a recent backup without much data loss. That said, our survey found that over 17.2% of ransomware attacks on our respondents targeted backup data, revealing a loophole that scammers can exploit. If a company’s backup data is also encrypted, it becomes useless as a ransomware protection method. The fact that over 15% of companies do not make an effort to protect their backups from ransomware is concerning. While taking regular backups protects from other potentially disastrous situations such as hardware failures, ransomware protection should also be one of its key functions. Most, if not all, ransomware attacks can be thwarted as long as a redundant backup schedule is maintained.

IT disaster recovery plans (IT DRPs) are another essential component of protecting company data from unexpected threats. Being able to ensure business continuity in the event of a tech failure is essential. In this regard, our survey showed that a similar percentage of respondents that do not protect their backups also do not have a disaster recovery plan in place. Furthermore, having an updated IT Disaster Recovery Plan protects you from more than just ransomware attacks. Human error, hardware failure, natural disasters – these are all reasons to have a strong recovery plan in place that you can deploy at a moment’s notice to minimize damage.

Many of our respondents understand the imminent threat that ransomware attacks pose. In fact, our survey shows that the threat of ransomware has changed the way 71.3% of companies backup their data. The two most common forms of protection employed by our respondents, the survey revealed, are end-point detection software with anti-ransomware capabilities and email filtration and threat analysis. Both methods are used by 3 out of every 4 respondents (75.6% and 76.1% respectively). The former scans and analyses end-points (laptops, computers, mobile phones, tablets, etc.) for potential ransomware threats – raising the alarm if anything suspicious is found. Meanwhile, the latter performs the same function, but concentrates specifically on one of the most common sources of malware – email. Both techniques are great examples of ransomware prevention, so what happens when a ransomware attack attempt gets through? That’s where air-gapped off-site storage comes in, which nearly half of our respondents use (47.8%). These backups are stored away from the main production line, and exist disconnected from any active operation. In this way, they ensure that, in the event of a natural disaster or ransomware attack, an uncompromised backup is always available. In addition, 40.3% of our respondents mentioned that they use Application Control Policies as another way of preventing ransomware (or other malware) from taking hold at user end-points. These policies dictate which applications or programs may be launched on company devices, preventing an end-user from unknowingly launching malware on their device. Nearly 1 in every 4 companies also indicated that they use immutable storage to protect themselves from ransomware attacks (24.5%). This form of storage is a backup service provided by specialized IT security companies, through which the data stored remains exactly as it is for the entirety of its existence. It cannot be modified, deleted, moved or otherwise tampered with at any time, by anyone. This makes it extremely effective at protecting data from nearly any threat.

As found in our last survey on email security, end-users represent one of the most prominent threats to their own organizations. According to our findings, 62% of all email security breaches occurred due to user-compromised passwords and successful phishing attacks. Social engineering, such as phishing or whaling, often yields excellent results for cybercriminals. These methods are designed to manipulate end-users into opening malicious files, giving access to or sending sensitive data, making payments, etc. To protect your company against this, providing training to end-users to recognize and flag potential threats can be one of the most effective ransomware prevention techniques. This said, less than 30% of surveyed companies make the effort to educate their employees on the subject, which would make all the difference.

A note to those companies that think they are too small to be targeted by malware: think again. Our survey data makes it clear that while companies with 1-50 employees are the least common target for ransomware attacks, almost 1 in every 5 of these organizations have fallen victim to an attack. Small companies don’t tend to prioritize IT security, even if they’re a high revenue organization, until something bad happens, making them an easy target for ransomware attacks. The most vulnerable business size is that with 201-500 employees, with just over 1 in every 4 being the victim of an attack (25.3%). Organizations of this size are most likely at a stage where having a dedicated IT team is a no-brainer, but tight cybersecurity might not be a perceived priority just yet. A final interesting observation is that companies with 1,000+ employees are more likely to be attacked by ransomware than those with 501-1,000 employees. This is likely due to the fact that while the largest organizations normally have the most stringent security measures, they also represent the largest potential pay-outs to cybercriminals.

You read that right. More than 1 in every 10 companies (11.2%) represent the false sense of security that cybercriminals rely on to successfully perform their malicious operations. In fact, what is clear from these survey results is that any company, of any size, can be the victim of a ransomware attack. And while it may feel unlikely that it will happen to your company, the cost of recovery if unprepared is significantly higher than the cost of prevention.

Many are under the impression that as long as data is stored in the cloud, it isn’t possible for ransomware attackers to target it. Over 1 in every 5 of our respondents either are not sure if Microsoft 365 data is vulnerable, or don’t think it is. The answer? While it’s not quite as simple for attackers to get hold of this data, it is certainly possible. In fact, 5.1% of our respondents that reported being victims of a ransomware attack said that their Microsoft 365 and/or cloud data was affected in the attack. In our previous survey on email security and Microsoft 365, we found that 68% of our respondents expected Microsoft 365 to keep them safe from email security breaches. In reality, as can also be seen here, third-party security solutions are an essential part of any cybersecurity protection plan.