Security Awareness Training and Backup Voted Most Effective Solutions to Combat CryptoLocker
A new survey by IT Security company KnowBe4 shows the growing alarm among IT Pros about the threat of ransomware like the infamous CryptoLocker. The KnowBe4 June 2014 survey of over 300 IT Pros compared the levels of concern over ransomware to a similar survey by IT Security company Webroot in January this year. The study showed rapidly growing apprehension over ransomware, with the share of those who are very or extremely concerned about it rising to 73% from 48%. Nearly half of the IT professionals surveyed know someone who has experienced a ransomware attack, and it worries them more now: 88% expect ransomware to increase for the remainder of the year, compared to 66% at the start of this year.
“We thought it would be interesting to use the same questions to see what impact ransomware has had in six months' time. We found the threat of ransomware is very real and IT professionals are increasingly realizing traditional solutions like endpoint security are failing,” said Stu Sjouwerman, CEO of KnowBe4. “IT pros agree that end-user Security Awareness Training is one of the most effective security practices to combat these ransomware threats.”
Most IT managers rely on backup to get out of a tight spot, but 57% agree that if their backup fails, they would be forced to pay the ransom. This can have a grave impact on organizations, as backup fails 50-66% of the time, depending on the method used (tape vs cloud). According to a report by Symantec in 2013, 47% of enterprises lost data in the cloud and had to restore their information from backups, 37% of SMBs have lost data in the cloud and had to restore their information from backups, and 66% of those organizations saw recovery operations fail.
Among the highlights of the KnowBe4 ransomware survey:
- 88% expect ransomware to increase for the rest of the year.
- 47% feel email attachments pose the largest threat.
- Confidence in endpoint security dropped from 96% in January to 59%.
- 88% consider Security Awareness Training the most effective protection from ransomware, versus 81% for backup.
- Only 16% feel their current solutions are very effective, while 72% feel they are somewhat effective.
- Confidence in email and spam filtering effectiveness dropped from 88% to 64%.
If faced with 4 hours of lost work from ransomware encryption, 81% would rely on backup. If confronted with a scenario where backups have failed and weeks of work might be lost, an astounding 57% would begin with paying the $500 ransom and hope for the best.
Sjouwerman further stated, “It appears the Russian cyber mob has picked a highly profitable business model. Our study shows the overwhelming majority of IT Pros think the criminals behind ransomware should be prosecuted and sent to jail for a long time. We agree, but US law enforcement has no jurisdiction in Eastern Europe where these criminals are largely free to commit their crimes.”
According to a report by EMA, 56% of employees still receive no security awareness training, and the programs that do exist vary in effectiveness. KnowBe4 recommends frequent simulated phishing attacks to keep employees aware, and feels so confident about the effectiveness of its program that it will cover its customers' crypto-ransom if they get hit.
For more information visit www.KnowBe4.com