A recent Sophos survey of 2,700 IT managers in organisations with 100–5,000 employees around the world revealed that many businesses are not prepared for ransomware attacks. 54% of those surveyed had experienced an attack within the past year. A further 31% are expected to fall victim in the future.
- 45% of UK organisations experienced a ransomware attack within the past 12 months.
- Healthcare was the most affected industry (76%) and financial services the least (45%).
- Cyber criminals are indiscriminate. The likelihood of falling victim is 50% for organisations with 100–1,000 users and 58% for those with 1,001–5,000 users.
- 85% of UK organisations said that preventing attacks has got harder over the past year, and 89% said that malware has become more complex.
Dan Schiappa, senior vice president and general manager of products at Sophos, said: “Organizations of all sizes are starting 2018 with inadequate protection against ransomware, despite last year’s international headlines.” He added: “The lack of awareness and lack of protection against exploits is alarming.”
Organisations of all sizes need to be better prepared for ransomware attacks, and as attacks grow in complexity and severity, it is important to address these threats.
The survey concluded: “The gap is growing between the knowledge and skills of the attackers, particularly around the areas of ransomware and exploits, and that of the IT professionals charged with stopping them. Although this creates an opportunity for cybercriminals, it can be addressed through education.”
The survey recommends educating end users, as this will enable them to identify attacks. “End users – and human error – is so often the weakest link in your security, but well-trained users can be your strongest asset.” Other recommendations include investigating advanced technologies and upgrading and updating existing technology.
Have you provided ransomware training?
Staff awareness training can often be overlooked, but even basic training has the potential to prevent future security incidents.
In response to the growing concern over ransomware and malware, we provide a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware. We also offer a more detailed Phishing Staff Awareness Course.