Tripwire just published a new study which suggests that a majority of businesses might not be adequately prepared to either prevent or fully recover from ransomware infections. They announced the results of a survey of 200 security professionals who attended RSA Conference 2016.
When asked if their company could recover from a ransomware infection without losing critical data, only 38 percent of respondents said they are “very confident” they could do so.
Respondents also have their doubts about their organizations’ ability to prevent an infection. Indeed, while a majority of participants (58 percent) have observed an increase in spear phishing emails over the past year, the same percentage said they are not confident that their executives could spot a phishing scam.
These findings suggest that if targeted by a ransomware attack, many companies will not be able to prevent or fully recover from an infection on their own. This could lead some to end up paying a ransom fee to the malware developers.
“The decision to pay a ransom comes down to the confidence and financial cost of recreating or restoring data from a previous backup,” said Travis Smith, senior security researcher for Tripwire. “Since most ransomware samples we have seen have a time limit to pay, it’s important to have confidence that you can restore the majority of data on short notice. Organizations should focus on improving backup and restoration procedures to reduce the cost of restoring data and services after a potential breach.”
Companies should also strengthen their security awareness training programs in an attempt to prevent ransomware infections in the first place. Towards that end, Tripwire recently conducted a poll on Twitter asking respondents to reflect on the most important step users can take to prevent an infection:
In total, Tripwire received 175 responses. Close to half (47 percent) of participants voted “Don’t click suspect links” as the best way users can defend against ransomware. This preference suggests that anti-phishing user education can go a long way towards preventing against a malware infection.
Find out how affordable this is for your organization and be pleasantly surprised.