Ransomware Hits 38% of Companies: KnowBe4
Despite increased efforts to prevent ransomware, the number of ransomware victims has continued to grow. More than 70% of tech companies, and about half of financial services and education organizations, reported they know a victim.
Those were among the findings in a recent survey from the Tampa Bay, Fla.-based KnowBe4. The survey compared levels of concern over ransomware from 2014 to 2016 at 1,138 companies across a variety of industries.
The results showed growing apprehension over ransomware: 79% said they are very or extremely concerned about it, compared to 73% in 2014. There was also a huge jump in the share of companies hit directly by ransomware, to 38% in 2016 from 20% in 2014. Midsize companies with 250 to 1,000 employees were the hardest hit at 54%. Two out of three respondents said they knew victims, compared to 43% in 2014.
Additional highlights from the study included the following:
- Manufacturing has been hit the hardest at 54%, compared to healthcare at 44%, education at 35%, tech at 29% and banking at 28%.
- IT professionals surveyed said they are even more worried that ransomware will continue to grow, at 93% compared to 88% in 2014.
- More than six out of 10 people surveyed said they feel email attachments pose the largest threat compared to 47% in 2014.
- Forty-one percent of companies with 1,000 or more employees experienced ransomware attacks; it was 35% for firms with fewer than 250 workers.
- Almost 90% said they consider security awareness training the most effective ransomware protection, immediately followed by backup at 83%, almost identical to 2014 figures.
- Only 19% said they feel their current solutions are very effective, while 70% said they feel they are somewhat effective.
- Confidence in email and spam filtering effectiveness is at 72%.
- If faced with four hours of lost work from ransomware encryption, only 40% said they would rely on backup compared to 81% in 2014. A little more than half said they would just reformat and start from scratch.
- When confronted with a scenario in which backups have failed and weeks of work might be lost, 42% said they would begin by paying the $500 ransom and hope for the best, versus 57% in 2014.
“The threat of ransomware is very real and IT professionals are increasingly realizing traditional solutions are failing,” KnowBe4 CEO Stu Sjouwerman said. “IT pros agree that end-user security awareness training is one of the most effective security practices to combat these ransomware threats.”
Sjouwerman also stated, “Our study shows corporate awareness of phishing attack vectors has increased but users need more help as techniques evolve and criminal exploits become more sophisticated. The overwhelming majority of IT pros think the criminals behind ransomware should be prosecuted and sent to jail for a long time. KnowBe4 agrees, but U.S. law enforcement has no jurisdiction in Eastern Europe where these criminals are largely free to commit their crimes, and we have to rely on our own ingenuity to recognize these threats.”