More than four out of five survey respondents expect an upsurge in attacks, and most of them said they are at least somewhat prepared. Still, about one-fourth admit that they aren't ready, and fully half have not trained their employees to deal with ransomware.
That's risky, warns ISACA CEO Matt Loeb, who says, "WannaCry, Petya, Cryptolocker … ransomware will continue to be news and become the norm. What's needed is protection before an attack—not just a swift recovery afterwards."
Besides educating employees, enterprises should be more aggressive in applying software patches, which Loeb sees as critical to protecting an organization from the crippling consequences of an attack. The majority of organizations in the study have not yet experienced a ransomware attack, and only a very small minority of respondents said their organization would pay the ransom if it were hit.
To Patch Or Not To Patch, There Is No Question
Still, complacency is dangerous. "Don't assume your enterprise 'might' be a victim of ransomware," Loeb stresses. "Assume it will. Every organization needs to focus on being prepared for the next ransomware attack, through training, frequent software updates or hiring highly skilled staff." The survey included 448 respondents. About half the participating organizations have fewer than 1,500 employees, 23 percent have 1,500 to 9,999, and 28 percent have 10,000 or more workers.
They represent a wide range of industries, with financial/banking firms and technology services/consulting firms leading the way. The survey group covers the globe.
Free Phish Alert Button
When new ransomware campaigns hit your organization, it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against cybercrime is to roll out KnowBe4's free Phish Alert Button to your employees' desktops. Once installed, the Phish Alert Button allows your users on the front lines to sound the alarm when suspicious and potentially dangerous phishing emails slip past the other layers of protection your organization relies on to keep the bad guys at bay.