Ransomware: Should You Pay the Ransom?
One in three midmarket enterprises has suffered a ransomware attack in the past year, according to a recent report. Ransomware is terrifying because not only is a business’ valuable data unavailable for use, there is no guarantee that you will ever be able to take control of the data again.
Indeed, a recent survey conducted by CyberEdge Group of 1,200 IT security professionals representing 17 countries and 19 industries, found that of the 38.7% of businesses who opted to pay the ransom, 19.1% were able to recover their files using the tools provided by the ransomware authors. This research shows that only about half of those who choose to pay the ransom actually obtain control of their data.
The study also found that almost 28 percent of those who were victims of a ransomware attack permanently lost their data, whether or not they paid the ransom. However, ransomware does not have to be devastating. It is actually fairly easy to prevent it from having damaging effects on a business. To avoid this outcome, data should be backed up to multiple locations on a regular basis. Backups should also be tested by restoring data to a new location frequently to check the validity of the backup.
Some other key findings included in the survey include:
- 77% of networks were breached last year, which is down for the first time in 5 years
- 55% of organizations were compromised by ransomware last year
- 79% of IT security budgets are rising
- 12% of a typical enterprise IT budget is spent on security
- Malware, ransomware, and spear-phishing cause the most headaches
- ‘Application containers’ are this year’s weakest link
- ‘Lack of skilled personnel’ is the greatest inhibitor to IT security’s success
Although security breaches seem to be down from last year, the survey shows that budgets are still rising for IT security. I believe that as the budgets rise, breaches will continue to decline. Businesses are getting more serious about securing their environments, and the money they are spending doing so is showing this trend. Also, I believe it shows that businesses are paying the necessary money to hire companies or staff that are knowledgeable about IT security to make sure the network remains untouched by malicious activity. It will be especially important to increase IT security budgets as new threats arise like Cryptojacking, and IoT vulnerabilities.
You can download a copy of the survey from Cyber-Edge.com/cdr.