Despite considerable efforts to educate employees on ransomware, many organizations still don't know what to do if they fall victim to an attack. According to part 2 of Intermedia's Data Vulnerability Report, a record number of employees and their employers are paying ransom.
Intermedia examined the security habits of more than 1,000 office workers and found that many employees draw a blank when they fall victim to ransomware. About a third admit they aren’t even familiar with ransomware.
“This lack of awareness, paired with massive global attacks such as WannaCry and Petya (and new strains popping up all the time like Bad Rabbit), is resulting in both employees and employers paying ransoms in record numbers,” according to the report.
Although 70% of office workers say their organization regularly communicates about cyber threats, employees aren't always told what exactly to do if hackers seize their computer. Because of this, employees hit by ransomware sometimes take matters into their own hands, which can dramatically undermine their organizations' security efforts.
In fact, the study shockingly reveals that employees shoulder the costs of ransomware payments more often than their employers – 59% paid the ransom personally, and 37% said their employers handled the payment.
In organizations where WannaCry was named as part of the cybersecurity training, as many as 69% of employees paid a ransom themselves. Intermedia suggests shame, as well as lack of knowledge, may drive employees to pay ransom themselves.
Other findings include:
To mitigate the risk of falling victim to a ransomware attack, companies would be smart to employ a proven enterprise security solution trained in sniffing out not just ransomware, but any kind of malware.
Regular backups are also a good idea. In case of an attack, organizations can restore from backup with little or no harm to their operations and, ultimately, their bottom line.
With ransomware damage costs predicted to exceed $5 billion in 2017 (up from $325 million in 2015), and the General Data Protection Regulation just around the corner, doing nothing is no longer an option – neither for big corporations nor for small businesses.
tags
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.
View all postsDon’t miss out on exclusive content and exciting announcements!