Latest research from online security firm Trend Micro revealed that although a vast majority (82%) of UK organisations consider ransomware a threat, a fifth (20%) of UK IT decision makers are unsure how the malware actually works. A further 11% have never heard of it.
Only a third (33%) of UK IT decision makers rightly believe that the majority of ransomware infections originate from opening an attachment in an email, while a quarter (24%) believe infections come from clicking a link in an email and more than 1 in 10 (14%) believe ransomware infections originate from browsing the internet generally.
The survey also revealed UK companies lack confidence in their ability to fight off a ransomware infection, despite employing a number of prevention methods. Seven in ten companies (69%) believe it’s likely their organisation will be targeted by ransomware in the next 12 months, which rises to 75% for organisations that have already experienced a ransomware attack.
To prepare for a ransomware attack, 77% of companies surveyed have created an incident response plan, including 89% of those who have been infected recently. However, as many as a third (33%) of companies haven’t actually tested it. When asked about other ransomware prevention methods, 97% of companies said they employ automated back-up and recovery of their critical files and 86% of organisations keep an offline copy of the back-up file. However, 41% of companies last backed up their critical files more than two years ago.
In addition, almost a third of companies (33%) do not have a program to educate employees on the hazards and prevention of phishing attacks, and only 69% of UK IT decision makers feel they have full control over the applications their users install on their devices.
Bharat Mistry, cybersecurity consultant at Trend Micro, said: “Ransomware continues to dominate the threat landscape as organisations are unwittingly fuelling the cyber-criminal underground economy. While it’s promising to see that UK organisations are preparing response plans and deploying preventative methods, a lack of understanding over how the malware actually works could make these actions redundant and is leaving organisations vulnerable to repeat attacks.”
“It’s vital that any incident response plans are tested and that employees are regularly educated on the latest attack methods to keep the threats at bay.”
The data forms part of Trend Micro’s UK ransomware research, which revealed that almost half (44%) of UK businesses have been infected by ransomware in the last 24 months. Almost a third (27%) of those were infected more than once – with the most unlucky UK organisation targeted as many as five times. Two thirds (65%) ended up caving in to the demands and paying the ransom, perpetuating the threat cycle.
During the first part of 2016, Trend Micro blocked and detected almost 80 million ransomware threats and identified 79 new ransomware families – a 179% increase from 2015.