Monday, 22 October 2018
Chris Ross, Barracuda
Could complacency be setting in when it comes to ransomware?

By Chris Ross, SVP International, Barracuda

Ransomware may be a headline favourite, but the attack itself is nothing new. In fact, it’s been around in some form or another for decades. Since last year’s high profile global campaigns such as WannaCry and NotPetya you’d be hard pressed to find anyone who isn’t aware of the threat posed.

But are the headlines representative? Do IT teams really feel the threat day-to-day? Is there a danger that our focus on ransomware could lead us to take our eye off the ball elsewhere?

We wanted to revisit the survey we first carried out last year to find out more about ransomware’s impact, so we conducted a survey of around 630 organisations globally, of which 145 came from EMEA.

What’s top of the agenda for EMEA companies?

There’s no evidence that the threat has diminished, yet the number of businesses saying that ransomware is a concern for them and their organisation has decreased slightly, from 91% in 2017 to 84% this year. That’s still an overwhelming majority, yet when viewed alongside the fall in the number of businesses that had been a victim – 30% this year as opposed to 48% when we conducted the same survey last year – perhaps this suggests that businesses are better equipped?

Maybe that’s why, once they do fall victim, businesses are seemingly more inclined to pay the ransom? Of those that were hit by ransomware, 19% claimed to have paid the ransom. Given that only 3% admitted to paying in 2017, perhaps greater awareness of the issue has also led to greater awareness of the potential consequences of not reaching a swift resolution.

Not paying ransoms is the tactic most recommended by law enforcement and experts: if enough organisations refuse, ransomware stops being a lucrative business for cyber criminals. Is the fact that more ransoms are being paid a huge cause for alarm? Maybe not, but we would urge businesses, regardless of how confident they are that they have the right protection in place, to carry out regular backups so that they have another copy of the information and/or systems that are under attack.

An avoidable expense

When asked what type of email security breach is likely to be the most expensive, 32% of EMEA businesses singled out ransomware as the most expensive threat to deal with, due to the cost of a direct payment to regain access to their own systems and information.

So how are these attacks gaining access to the network? It comes as no surprise to us that nearly three quarters (74%) of attacks entered via email, with web traffic (18%) and network traffic (18%) trailing far behind. This is an increase on 2017, where email was identified as the cause in 70% of cases.

This reiterates the importance of having a comprehensive plan to defend against phishing attacks. Phishing and social engineering tactics are specifically designed to trick employees into clicking on links and opening malicious attachments in emails spoofed to appear as if sent from a reputable source. Ultimately, until organisations get better at educating their users, this tactic will continue to pay dividends for the black hats.

Back it up

But what’s the answer? By backing up regularly, and adhering to the 3-2-1 backup rule, it is possible to significantly limit ransomware’s impact on an organisation and ensure that affected businesses are not forced into paying for a decryption key which may never be sent.

The 3-2-1 backup rule means:

  1. Make three copies of all of your data
  2. Store those copies in two different environments (cloud, on-premises, etc.)
  3. Keep one backup copy offsite so it can be kept safe from any environmental issues
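The following is an added example, not code from the article or from Barracuda, showing how an IT team might audit its backup inventory against the three points above. It goes one step beyond the article's list: a copy only counts if its contents still match a known-good hash, because a backup that ransomware has already overwritten is not a backup, and it also flags when no copy is offline or immutable (a check the article does not spell out, added here as a practitioner's assumption). The `BackupCopy` record format, the sample data and the hashes are all constructed for illustration.

```python
"""Audit a backup inventory against the 3-2-1 rule.

Added example (not from the article or Barracuda). The inventory format,
the copy records and the sample data are all constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str                 # e.g. "disk", "tape", "object-storage"
    location: str               # e.g. "hq-datacentre", "cloud-eu-west"
    offsite: bool               # stored away from the production site
    offline_or_immutable: bool  # cannot be rewritten by a compromised host
    content: bytes              # bytes actually held by this copy (constructed)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copies(copies: List[BackupCopy], known_good_hash: str) -> List[BackupCopy]:
    """Keep only copies whose contents still match the known-good hash.

    A copy whose bytes have changed (for example, encrypted by ransomware)
    is not a usable backup and must not count towards 3-2-1.
    """
    return [c for c in copies if sha256(c.content) == known_good_hash]


def audit_321(copies: List[BackupCopy], known_good_hash: str) -> List[str]:
    """Return a list of rule violations; an empty list means compliant."""
    intact = verify_copies(copies, known_good_hash)
    problems = []

    corrupted = len(copies) - len(intact)
    if corrupted:
        problems.append(f"{corrupted} copy/copies fail the integrity check")

    # Rule 1: three copies of the data (counting only intact ones)
    if len(intact) < 3:
        problems.append(f"only {len(intact)} intact copies, need 3")

    # Rule 2: two different environments / media types
    media = {c.medium for c in intact}
    if len(media) < 2:
        problems.append(f"intact copies on only {len(media)} medium type(s), need 2")

    # Rule 3: at least one offsite copy
    if not any(c.offsite for c in intact):
        problems.append("no intact offsite copy")

    # Added check (assumption, not from the article): ransomware that reaches
    # every writable copy defeats 3-2-1, so demand one offline/immutable copy.
    if not any(c.offline_or_immutable for c in intact):
        problems.append("no intact copy is offline or immutable")

    return problems


# Constructed sample data: one dataset and three copies of it.
DATA = b"customer-database-dump-2018-10-22 (constructed sample)"
KNOWN_GOOD = sha256(DATA)


def sample_compliant() -> List[BackupCopy]:
    return [
        BackupCopy("production", "disk", "hq-datacentre", False, False, DATA),
        BackupCopy("cloud-snapshot", "object-storage", "cloud-eu-west", True, True, DATA),
        BackupCopy("weekly-tape", "tape", "offsite-vault", True, True, DATA),
    ]


def sample_after_attack() -> List[BackupCopy]:
    """Same inventory, but the on-premises copy's contents have been altered
    (constructed stand-in for a copy overwritten by ransomware)."""
    altered = b"<contents replaced by an attacker - constructed>"
    copies = sample_compliant()
    copies[0] = BackupCopy("production", "disk", "hq-datacentre", False, False, altered)
    return copies


if __name__ == "__main__":
    print("compliant inventory:", audit_321(sample_compliant(), KNOWN_GOOD))
    print("after attack:", audit_321(sample_after_attack(), KNOWN_GOOD))
```

In the second scenario the tape and cloud copies still satisfy the "two environments" and "one offsite" points, but the audit reports the altered on-premises copy and that only two intact copies remain, which is exactly the condition in which an organisation without a tested restore path ends up considering the ransom.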
