Despite considerable efforts to educate employees on ransomware, many organizations still don't know what to do if they fall victim to an attack. According to part 2 of Intermedia's Data Vulnerability Report, a record number of employees and their employers are paying ransom.
Intermedia examined the security habits of more than 1,000 office workers and found that many employees draw a blank when they fall victim to ransomware. About a third admit they aren’t even familiar with ransomware.
“This lack of awareness, paired with massive global attacks such as WannaCry and Petya (and new strains popping up all the time like Bad Rabbit), is resulting in both employees and employers paying ransoms in record numbers,” according to the report.
Although 70% of office workers say their organization regularly communicates about cyber threats, employees aren't always told what exactly to do if hackers seize their computer. Because of this, employees hit by ransomware sometimes take matters into their own hands, which can dramatically undermine their organizations' security efforts.
In fact, the study shockingly reveals that employees shoulder the costs of ransomware payments more often than their employers – 59% paid the ransom personally, and 37% said their employers handled the payment.
In organizations where WannaCry was named as part of the cybersecurity training, as many as 69% of employees paid a ransom themselves. Intermedia suggests shame, as well as lack of knowledge, may drive employees to pay ransom themselves.
Other findings include:
- Over 73% of Millennial workers affected by ransomware report paying a work-related ransom
- 68% of impacted owners / executive management said they personally paid a work-related ransom
- Small and medium-sized businesses are particularly vulnerable to ransomware attacks because they lack the resources, tools and/or training that larger organizations use to recognize and prevent attacks and to protect themselves
- Ransom paid by office workers averages $1,400
- Growth in ransomware attacks is directly linked to the increased willingness of victims to cough up ransom money
To mitigate the risk of falling victim to a ransomware attack, companies would be smart to employ a proven enterprise security solution trained in sniffing out not just ransomware, but any kind of malware.
Regular backups are also a good idea. In case of an attack, organizations can restore from backup with little or no harm to their operations and, ultimately, their bottom line.
With ransomware damage costs predicted to exceed $5 billion in 2017 (up from $325 million in 2015), and the General Data Protection Regulation just around the corner, doing nothing is no longer an option, whether for big corporations or for small businesses.