According to recent research by SentinelOne and Vanson Bourne, 40% of UK companies fell victim to an average of five ransomware attacks in 2017, costing them £329,976 each.
The research, looking at UK organisations with at least 1,000 employees, also revealed that the overall number of organisations experiencing ransomware attacks increased from 48% in 2016 to 56% in 2018. In contrast, the average number of attacks dropped from six to five.
Other key findings:
- Employees are considered “major culprits” for carrying malware into the business – 1 in 2 respondents blamed them.
- Phishing attacks were named as the top attack vector (69%) for introducing ransomware.
- The likelihood of paying ransoms has gone from 40% in 2016 to 32% in 2018.
- 92% of security professionals feel confident about combatting ransomware in the future.
How do ransomware responses vary by country?
The research found that different countries’ responses to ransomware varied significantly. In the UK, only 3% of ransoms are paid, and the UK also experienced the fewest attacks (40%), followed by the US (55%), France (59%) and Germany (70%). Although it appears that organisations are coping better with ransomware attacks, threats are ever-evolving, meaning that organisations need to continue improving their defences.
Increase ransomware awareness
Organisations should regularly make backups, which they can turn to in the event of an infection. It’d be better still if they took the following measures to prevent attacks from being successful in the first place:
- Training employees to spot ransomware and phishing attacks.
- Applying patches as soon as they are released.
- Applying access controls, ensuring sensitive information is only accessed on a ‘need-to-know’ basis.
You should also consider our Phishing and Ransomware – Human patch e-learning course.
This course introduces your employees to phishing and ransomware, explains the link between the two and shows them how such attacks work. Equipping your employees with this knowledge will help them spot attacks and respond appropriately if they think the organisation has been compromised.