In 2016, ransomware was one of the most successful forms of cybercrime. And in 2017, that continues to be the case. Ransomware has affected a reported half of all businesses in the last year, with many having been hit more than three times already.
That sobering statistic comes from the Global Ransomware Study 2016 from Sentinel One, which suggests a majority of organizations are not only increasing IT security spending as a result, but also reevaluating traditional security controls struggling to keep up with new threats from cyber criminals.
The Ransomware Threat
Before looking at the report in more detail, let’s take a moment to consider how the ransomware threat has evolved over the last couple of years. The basic principle of ransomware is to deny access to user files and demand a payment from their owner to release them. While this type of attack has been around for many years, much more targeted and sophisticated forms of attack have more recently replaced the previous indiscriminate scattergun approach.
The Ransomware and Business 2016 Report from Symantec recently highlighted how the new breed of crypto-ransomware techniques has increased the threat from ransomware. Indeed, the report describes these increasingly sophisticated methods as creating a “gold-rush mentality” in the cyber attack community, as growing numbers see the potential to extort funds from business organizations.
The added menace from these new techniques comes from the application of unbreakable encryptions on user files, which remain in place even after the malware has been removed. As a consequence, organizations without sufficient backups may see no alternative but to meet the ransom demands. The result? According to the report, the average ransom payment more than doubled from $294 in 2015 to $679 in the first half of 2016.
That average is only going to go one way as organizations struggle to keep up with the increasing sophistication of the hackers according to Jeremiah Grossman, “It’s not surprising to see high levels of apathy towards traditional antivirus software, and we don’t expect the ransomware epidemic to slow down anytime soon. The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods, as witnessed with Locky.” (If you haven’t come across Locky you can read about it here.)
The 2016 Ransomware Study Results
The Sentinel study questioned 500 cybersecurity decision makers at organizations across the world in October 2016. Two-hundred were in the U.S., with 100 in each of the U.K., France, and Germany.
Overall almost half said that they have suffered a ransomware attack in the last 12 months, with an average six attacks at the affected companies.
Graphic source SentinelOne
Respondents reported that the most likely areas to suffer an attack were employee information, financial data, and customer information. The most common motive, unsurprisingly, was thought to be financial gain followed by disruption to the business.
Graphic source SentinelOne
The majority of attacks aren’t (yet) coming from organized cyber criminals. While 45 percent of respondents said that they thought organized crime was responsible, a slightly higher 48 percent thought they were the victims of an opportunistic hacker. That proportion may well change as the more organized criminal elements make further investments in R & D.
While almost all (94 percent) reported that the attacks had an impact on their organization, just three percent said the attackers had been able to encrypt data that they had been unable to decrypt successfully. That might be limiting the amounts of ransom paid, however the cost in terms of service downtime and reputational loss are likely somewhat higher for affected organizations. Just replacing encrypted data with backups took an average of 33 employee hours. Those without adequate backups had additional challenges.
Graphic source SentinelOne
The responses to the reporting of crimes came as a bit of a surprise to me. On average, just six in every ten IT security departments would notify their CEO or board that a ransomware attack had taken place. That figure fell to less than half in France. The average for the number that would inform law enforcement agencies was even lower at just 54 percent. I know that some attacks may have been considered fairly insignificant, but there are two points that strike me from these results.
- How can organizations have an effective strategy to defend themselves if decision makers aren’t in the loop when attacks occur?
- How can the law enforcement authorities combat cyber crime if they don’t have knowledge of more incidents of attempted ransomware attacks?
Graphic source SentinelOne
Perhaps IT security departments don’t want to admit to their shortcomings and failures. That mindset needs to change if the problem is to be fully addressed.
The main source of access to systems from attacks came, as is so often the case, from the hacker’s ability to take advantage of human frailties. As this graphic shows, just over eight in every ten organizations that suffered a ransomware attack, reported the source as a phishing attack via email or social media. Email continues to be the weapon of choice for the cyber criminal, and as users we seem to still fall for their ability to trick us into clicking on malicious links.
Graphic source SentinelOne
Given what we’ve seen from ransomware attacks in just the past few weeks, businesses need to get uber serious about security, including educating employees about the dangers of email phishing attacks, strong and frequently changed passwords, and other security basics. Email is one of the most dangerous channels for businesses, and there are ways, including digital signatures, that can help add a layer of protection. I wrote about that topic recently if you’d like to check it out: How Signing Emails Can help Keep Your Company Secure.
Combating the Ransomware Threat
Research has shown Healthcare and Financial organizations are most at risk from ransomware attacks. Their reliance on access to business critical data make them key targets. The heavily regulated nature of these sectors can bring additional risks due to compliance requirements, with fines for breaches on the rise.
Ransomware attacks should be a concern for all business organizations, whatever their size or the sector they operate in. In addition to the increasing monetary demands from cyber criminals, the loss to a business in terms of service provision and reputational damage can be severe, even from a relatively small and poorly targeted attack.
Although more than two-thirds of respondents said that spending on IT security increased following an attack, confidence in traditional methods is being eroded. Half of respondents said they have lost faith in traditional antivirus solutions, with more than a third indicating that they feel helpless against ransomware attacks.
It’s a situation that needs radical solutions. Cybercrime isn’t new: it’s simply a matter of tricking users into exposing sensitive data and then exploiting that data whenever and however possible. And to hackers, it’s what they live for. This problem has not been addressed nor can it be solved simply by adding more firewalls and end-user trainings. To make a positive impact, both customers and vendors must make real changes to the defense tools they design and use and to their security practices and operations overall. There’s a real need for a new generation of security technologies that can discover, stop and adapt to the new breed of threats and hacker strategies.
More than 50% of businesses experienced more than one security breach in 2016 and what’s on the horizon this year and beyond doesn’t look any better. Security is the number one concern on the mind of senior leaders and it’s the number one concern on the mind of consumers. And it’s going to require updating technology solutions and internal practices, and extreme vigilance on the part of IT teams to keep businesses and their data safe
All graphics are from SentinelOne and you can find their full infographic at the Global Ransomware Study 2016.
Photo Credit: martinlouis2212 Flickr via Compfight cc
Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”
Comments
Pingback: IT and HR: Working Together to Keep Employee Data Safe - Future Of Work
Pingback: IT And HR: Working Together To Keep Employee Data Safe