When ransomware like WannaCry and Petya wreaked havoc on global organizations last year, many were left seemingly defenseless against this relentless, but not entirely new, threat.
After all, ransomware has been doing the rounds for several years and its potential for disruption and harm had been widely discussed within the security world and beyond. Despite this, many organizations were still not able to effectively defend against the attacks.
In order to understand the scope of the threat, the defensive gap against ransomware, and its root causes, Sophos commissioned a survey to find out the state of endpoint security and ransomware defense readiness from respondents spanning industries across five continents.
The survey focused mainly on mid-sized organizations, with half of respondents in organizations 1000-5000 employees in size, and the other half 100-1000 employees in size. Regardless of organization size, however, the survey was remarkably consistent in its findings.
- Over half of organizations (54%) were hit by ransomware in the past year, with two attacks per organization on average.
- A further 31% of respondents say they expect to be hit by a ransomware attack in the near future.
- The median impact of a ransomware attack is $133k per organization affected – which includes not only the ransom paid but also the cost of resource to resolve the issue.
- 77% of organizations that report being hit by ransomware say they were running up-to-date endpoint security when attacked.
- Over half (54%) of organizations say they do not have any dedicated ransomware protection in place.
Much of the common thinking with IT security is once an organization encounters a specific threat, they learn from it, shore up their defenses and are better prepared against it next time. But the survey results show that ransomware throws this paradigm in the bin: Survey respondents say they were hit by ransomware again and again, and expect that they’ll fall victim to it again in the future.
Certain industries were especially pessimistic about their chances of evading a future, repeated ransomware attack: Healthcare, energy/utilities, professional services and retail respondents were amongst those who were hardest hit by ransomware in the past, with 76% of healthcare respondents saying they’ve been the victim of an attack.
After a ransomware attack takes place, it can be easy to point fingers at the breached organization: What kind of defenses did they have in place? Were their systems updated and patched correctly?
But yet again, when talking about ransomware, the old paradigms shift, as more than three-quarters of survey respondents say they were running up-to-date endpoint technology when ransomware hit. This reveals one of the key findings of this study: traditional endpoint protection alone cannot and does not stop the latest in ransomware attacks.
Last year’s headline-grabbing ransomware attacks made investigating anti-ransomware technologies a greater priority for many organizations, but it still hasn’t necessarily motivated these organizations to implement these technologies. 45% of survey respondents said they realize that anti-ransomware technology is important and that they plan to implement it in the future, but haven’t done so yet. (Another 7% said they realize the value of this kind of protection but have no plans to implement it.)
As not all anti-ransomware technologies are equally effective against the ever-evolving threat of ransomware, organizations may find themselves invested in technologies that offer little protection when the attacks occur.
The report dives deeper into this, asking survey respondents to identify the statement – out of a choice of four – that correctly defines what anti-ransomware and anti-exploit technologies do. Less than one third of respondents (31%) were able to select the correct answer. With this lack of understanding, a significant number of organizations may believe they are adequately protected against the ransomware threat, but in fact are not.
If this all seems overwhelming, take heart in the fact that you’re not alone: 87% of respondents said the malware threat had grown more complex in the last year. To effectively stop ransomware in its tracks, traditional endpoint security isn’t enough. Organizations need the strongest defense against these persistent threats, and should investigate anti-exploit and anti-ransomware technologies in order to be fully prepared against future attacks.
The full State of Endpoint Security Today report is available for download here.
Laurence Marks
From the report: “India tops the table of ransomware victims with a full two-thirds (67%) of respondents hit by ransomware in the previous year. Conversely, at the other end of the scale, in Japan one in four (41%) had suffered an attack.”
One in four? Looks like two in five to me. New math?
Paul Ducklin
Thanks for noticing!
I already pointed this out to the editors of the report – they’re on it. Not certain whether the words or the number are wrong :-) I’m guessing it should be “one in four (25%)” but I can’t be sure which part is the typo.
Ken
The chart shows 41%, so I’m guessing that the 41% is correct and the “one in four” is wrong.
Paul Ducklin
Ah, well spotted – I guess the number 0.41 (which is another way of writing 41%, because the % sign is just a squiggly shorthand way of writing “/ 100”) has both a one and a four in it…