A Sophos survey of 2,700 IT managers in organisations with 100–5,000 employees around the world revealed that many businesses are not equipped for ransomware attacks. 54% of those surveyed had suffered an attack within the past year. A further 31% are expected to fall victim in the future.
- 45% of UK organisations experienced a ransomware attack within the past 12 months.
- Healthcare was the most affected industry (76%) and financial services the least (45%).
- Cyber criminals are indiscriminate. The probability of organisations with 100–1,000 users falling victim is 50%, whereas for organisations with 1,001–5,000 users it is 58%.
- 85% of UK organisations said that preventing attacks has got tougher over the past year, and 89% said that malware has advanced.
Dan Schiappa, senior vice president and general manager of products at Sophos, said: “Organisations of all sizes are starting 2018 with inadequate protection against ransomware, despite last year’s international headlines.” He added: “The lack of awareness and lack of protection against exploits is alarming.”
Organisations of all sizes need to be better prepared for ransomware attacks, and with attacks evolving in complexity and severity, it is important to address threats.
The survey concluded: “The gap is growing between the knowledge and skills of the attackers, particularly around the areas of ransomware and exploits, and that of the IT professionals charged with stopping them. Although this creates an opportunity for cybercriminals, it can be addressed through education.”
The survey suggests educating users as this will enable them to spot attacks. “End users – and human error – is so often the weakest link in your security, but well-trained users can be your strongest asset.” Other suggestions include exploring advanced technologies and upgrading and updating current technology.
Have you provided ransomware training?
Staff awareness training can often be disregarded, but even basic training has the potential to prevent future security incidents.
In response to the rising concern over ransomware and malware, we provide a scalable solution for staff awareness training. Our Phishing and Ransomware Human Patch E-learning Course explains the threats that ransomware poses to organisations, and gives details of the resources available to help you understand and overcome those threats.
We also offer a more detailed Phishing Staff Awareness E-learning Course that helps employees identify phishing attacks, explains what could happen should they fall victim and shows them how they can mitigate the threat of an attack.