New analysis highlights just how prevalent ransomware attacks are today, how material the impacts are, whether organizations get their data back, and exactly how these attacks start.
I love to see reports on the current state of attacks; it gives those of you reading this blog a better idea of exactly how attacks happen and what precautions will be most effective in rendering attacks useless.
The most recent data from security vendor Hornetsecurity, in their 2022 Hornetsecurity Ransomware Attacks Analysis report shows that a sizable amount of organizations are seeing successful ransomware attacks within their organization:
- 24% of organizations have experienced a ransomware attack
- 21% of all ransomware attacks have occurred in the last 12 months
In most cases, the affected organizations are able to retrieve their data from backups, but according to the analysis, 14% of victims lost their data and 7% had to pay the ransom to get their data back – making it 1 in 5 organizations who found themselves unprepared and in trouble when it comes to their data.
So, how did these attacks occur? According to the analysis, it’s mostly related to email and/or social engineering:
- 59% of attacks started with an email-based phishing attack
- 16% of attacks started with a compromised endpoint (which is usually the result of one of four things in descending order: phishing attack, social engineering, RDP brute force, or vulnerability exploit)
The analysis also reveals that 27% of organizations don’t provide Security Awareness Training – a percentage that is likely much higher when you look at the quality of training provided (e.g., breakroom training for an hour once a quarter isn’t going to stop an attack). Using Hornet’s data, it’s evident that continual training is going to have a material impact on stopping ransomware attacks at their point of entry – the Inbox.
