One in five UK organizations that paid up during a ransomware attack over the past two years didn’t get their data back, according to the latest research from Trend Micro.
The security giant polled over 300 IT decision makers in large organizations to better understand levels of awareness and the impact of such threats.
Its findings add further weight to the argument that organizations shouldn’t pay the ransom, although two-thirds (65%) of respondents said they did.
Nearly half (44%) of those surveyed said they’d been infected at least once over the past 24 months, with 27% having been hit more than once.
Those that had been hit claimed the infection affected a third of their employees and a similar percentage (31%) of customers – highlighting the potentially major impact of ransomware on organizations.
On the positive side, the vast majority of those hit by an attack (81%) claimed to have contacted the police, although law enforcement could only help them in half of these cases.
That stat drives home the message that IT security teams must take more effective preventative measures.
Trend Micro cybersecurity consultant, Bharat Mistry, told Infosecurity that while there’s no silver bullet, a focus in the first instance on “people and processes” will help, rather than going for whizz-bang technology solutions.
“By far the biggest weakness in any organisation is the employees, but they can also act as the first line of defence – by training users in safe online practices and making them aware of the consequences of opening suspicious attachments or clicking on links in unsolicited mail,” he argued.
“User education is an ongoing piece, it’s not something that you do once and forget about. It needs to be annual, with regular top-up training throughout the year and random testing as well.”
Mistry added that backing up is essential, following the 3-2-1 rule, in which three copies are made, in two different formats, with one copy offsite/offline.
“Having controls from the perimeter all the way to the endpoint that work in a collaborative manner will certainly help in preventing the vast majority of attacks, and in the cases of a targeted or zero-day based attack it will speed up the ability to detect and respond,” he concluded.
“In addition, having a segregated network can minimize the extent of an attack by localizing and containing any infection, should the worst happen.”