SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
Ransomware
1 in 5 companies suffer ransomware attack - report
Fri, 8th Oct 2021
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

A recent survey of 820+ businesses found that 21% of respondents had been the victim of a ransomware attack to date.

Ransomware is one of the most common and effective forms of cyber threat, whereby attackers encrypt an organisation's data, rendering it unusable until a ransom is paid.

The study on ransomware, conducted by cybersecurity experts at Hornetsecurity, also found that almost 1 in 10 ransomware victims paid the ransom.

Of the 21% of companies that reported a ransomware attack, 9.2% recovered the data by paying the demanded ransom. The remaining respondents recovered the ransomed data through backups, yet some still reported losing data in the process.

According to the results, companies with 201-500 employees reported the highest incidence of ransomware attacks (25.3%), while those employing 1-50 had the lowest (18.7%). In geographical terms, 19.6% of North American companies reported attacks, while those based in Europe reported 21.2%.

According to the report, 15.2% of all survey respondents indicated that their company does not protect their backups from ransomware. Moreover, the survey also found that 17.2% of reported ransomware attacks targeted backup storage. These results reveal a cause for concern: that standard on-site backups do not offer 100% protection against ransomware attacks. Indeed, backups must be protected against ransomware attacks through methods such as air-gapped, offsite storage or immutable storage - two commonly reported protection methods in this survey.

Some 15.9% of respondents also reported having no disaster recovery plan in place, meaning they are typically unprepared and unequipped to deal with an attack, while 28.7% of companies do not provide training to end-users on how to recognise and flag potential ransomware attacks.

End-users represent one of the most effective methods-of-entry for ransomware attackers. Through social engineering techniques such as email phishing, end-users are manipulated into providing opportunities for malicious software to be introduced into company systems. According to this survey, more than 1 out of every 4 organisations (28.7%) do not provide training to end-users on how to recognise and handle potential ransomware threats.

The report found 71.3% of companies changed the way they back up their data in response to the threat of ransomware. The two most common forms of prevention observed in the survey are end-point detection software with anti-ransomware capabilities (75.6%), and email filtration and threat analysis (76.1%). Air-gapped, offsite storage is reported to be used 47.8% of the time - a low percentage when considering its effectiveness at enabling extraordinary data recovery.

Related stories
Wavelink partners with Orca Security to enhance cloud security
Aqua Security celebrates consecutive year of channel growth
Fortinet upscales OT & CI cybersecurity in Asia-Pacific
Five top concerns in private cloud visibility
Ransomware attacks rise in global food & agriculture sector
Top stories
Mandiant unveils latest M-Trends 2024 cybersecurity report
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Legit Security announces strategic partnership with GuidePoint Security
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Gartner survey reveals challenges in zero-trust strategy implementation