Worrying figures released recently in the fourth annual Hiscox Cyber Readiness Report show that one in six businesses still opt to pay the ransom demanded by attackers when they fall victim to ransomware.
A ransomware attack involves an attacker infecting your systems with malware that encrypts your files and demands a ransom, usually in Bitcoin, in exchange for the decryption key you need to regain access.
The Hiscox report surveyed 5,569 respondents across Europe and the USA. More than 6% of respondents had previously paid a ransom, which equated to more than $380 million going to attackers. In addition, 350 firms (16%) reported paying a ransom following a malware or ransomware attack.
Other findings of the report included:
As the Hiscox report confirms, ransomware attacks are devastating to businesses of all sizes and sectors. Yet many organisations continue to pay the demands rather than implement measures to defend against them.
In many instances, caving to demands and paying the ransom provides no guarantee that you will actually regain access to your systems. Many attackers are script kiddies who have purchased ransomware tools on the dark web with little knowledge of how they work and no idea how to decrypt files once the ransom has been paid. Even where a decryptor is supplied, it is often slow or buggy, so paying is no substitute for a working backup.
Also, having no appropriate defences and then suffering a breach of your systems and networks leaves you wide open to a myriad of consequences, such as:
A more secure and often more cost-effective alternative is to invest in measures that defend against cyber threats and to perform regular backups of your data, so that you always have a clean copy to restore if you are breached. This removes the need to pay a ransom to regain access. Backups only help if they are kept offline or on immutable storage that ransomware cannot reach, and if restores are tested regularly rather than assumed to work.
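What "a clean backup you can restore" means in practice, as an added example that is not part of the original article or any SES tooling: the script below builds a tar archive with a SHA-256 manifest of every file, simulates a ransomware-style encryption of the live copy (random bytes plus a `.locked` suffix, no real malware), and then proves the restored copy matches the manifest. The directory layout, file names and contents are constructed here for illustration; the `.locked` suffix is an assumption, not a reference to any particular strain.

```python
"""Backup with an integrity manifest plus a restore test (added example)."""
import hashlib
import io
import json
import os
import shutil
import tarfile
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(src: Path) -> dict:
    """Map each file path (relative to src) to its SHA-256 digest."""
    return {
        str(p.relative_to(src)): sha256_bytes(p.read_bytes())
        for p in sorted(src.rglob("*")) if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> dict:
    """Write src into a tar.gz that also carries a manifest of file hashes.

    The manifest is what lets a restore be verified rather than assumed.
    In production the archive would then be copied to offline or immutable
    storage; ransomware routinely deletes or encrypts any backup it can reach.
    """
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)
        blob = json.dumps(manifest, indent=2).encode()
        info = tarfile.TarInfo(MANIFEST_NAME)
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return manifest


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare every file listed in the manifest against what is on disk."""
    missing, corrupt = [], []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_bytes(p.read_bytes()) != digest:
            corrupt.append(rel)
    return {"ok": not missing and not corrupt, "missing": missing, "corrupt": corrupt}


def restore(archive: Path, dest: Path) -> dict:
    """Extract the archive we built ourselves into dest and verify it."""
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest)
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    return verify_tree(dest, manifest)


def simulate_ransomware(target: Path) -> None:
    """Constructed stand-in for an attack: overwrite files with random bytes and rename them."""
    for p in [q for q in target.rglob("*") if q.is_file()]:
        p.write_bytes(os.urandom(64))
        p.rename(p.parent / (p.name + ".locked"))  # suffix is an assumption


def demo() -> dict:
    """Back up sample data, 'encrypt' the live copy, restore, then tamper with the restore."""
    work = Path(tempfile.mkdtemp())
    try:
        live = work / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (live / "notes.txt").write_text("quarterly review\n")
        archive = work / "backup.tar.gz"
        manifest = create_backup(live, archive)

        simulate_ransomware(live)
        after_attack = verify_tree(live, manifest)   # live data is gone

        restored = work / "restored"
        restore_result = restore(archive, restored)  # clean copy comes back intact

        (restored / "notes.txt").write_text("tampered\n")
        after_tamper = verify_tree(restored, manifest)  # and corruption is caught
        return {"after_attack": after_attack, "restore": restore_result,
                "after_tamper": after_tamper}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the manifest is that a restore test becomes a yes/no answer rather than a hope: if the archive was silently corrupted, or a backup job captured already-encrypted files, `verify_tree` reports exactly which files are missing or changed.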
SES recommends that you begin by creating a robust incident response plan that can easily be followed in the event your organisation suffers a breach.
In addition, SES recommends regular Vulnerability Assessments and Penetration Tests, at least once a year and after each major version change, so that your systems and networks are reviewed for vulnerabilities on an ongoing basis.
Finally, it is advisable to perform Phishing Assessments across your organisation and to provide your staff with Phishing Training, to improve your employees' awareness of phishing threats and give them the knowledge to defend against them.
If you would like to discuss your organisation's security in more detail, please get in touch to speak to one of our specialists.