Traditional cybersecurity strategies are failing to protect organizations from ransomware attacks, new research suggests.
According to a paper from storage firm Cloudian, based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defenses set up at the time of the attack.
All of these measures cost serious money; businesses spend north of $400,000 a year on protections such as anti-malware software and anti-phishing training.
However, attack methods have grown too sophisticated for traditional security measures to keep up. Most attacks (24 percent) still start with a successful phishing attempt, after which the attacker enters the network through the public cloud (31 percent).
In the majority of cases, it takes them less than 12 hours to seize control of all data on a network and demand a ransom fee, Cloudian says. The average ransom payment sits at $223,000, while 14 percent paid at least $500,000 to get their data back. On top of that, businesses had to pay $183,000 on average to mitigate the effects of the attack.
While cyber insurance covers about 60 percent of the costs, this still leaves quite the hole in the victim’s pocket.
“The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it,” said Jon Toor, CMO at Cloudian. “Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack.”
“The best way to do so is to have an immutable backup copy of your data, which prevents hackers from encrypting or deleting the data for a specified period of time. As a result, organizations can recover an unencrypted copy of their data in the event of an attack without having to pay the ransom.”
