Organizations are keenly aware of the ramifications of ransomware attacks and the need to prevent them, but they aren’t empowering users to avoid becoming victims.
Maybe it’s procrastination. Maybe it’s indecisiveness. Maybe it’s great leadership but poor execution. No matter the reason, we’re seeing conflicting trends in the marketplace when it comes to proactively working to prevent successful ransomware attacks.
On the one hand, you have Forrester’s publication “Ransomware Recoverability Must Be a Critical Component of Your Business Continuity Plans”, which specifically highlights that 75% of organizations state that “improving our employees’ ransomware attack defense skills” is important and/or critical. This is great news, given the massive increases in the number of attacks, and given that, according to a new survey of government employees by IBM, 73% of them are concerned about impending ransomware threats.
So, the organizations want to make employees more savvy at defending against ransomware attacks. Perfect. Think they’re actually doing it? Guess again!
From that same IBM report, a head-shaking statistic shows what’s really transpiring. According to IBM, only 38% of employees are receiving general ransomware prevention training!
So, three-quarters of orgs say “let’s train our employees”, but only 38% of employees are receiving that training? There’s a massive disconnect. To make matters worse, the IBM report also points out that 52% of state and local government budgets for managing cyberattacks have remained stagnant.
This looks like a case of organizations feeling like they can’t afford to train, when – in reality – they can’t afford not to. The use of Security Awareness Training reduces the likelihood of a successful ransomware infection, saving organizations tens or hundreds of thousands of dollars in remediation costs.