- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Ransomware Threat Just as Urgent as Terrorism, Say Two-Thirds of IT Pros
Nearly two-thirds (60%) of security professionals believe the threat of ransomware should be treated with the same urgency as terrorism, according to new research by Venafi.
The survey of 1500 IT security decision-makers from the UK, US, Australia, France, Germany, Benelux and the US highlights the growing concerns about the scale and damage of ransomware attacks, which have surged during the COVID-19 crisis.
More than two-thirds (67%) of respondents from organizations with over 500 employees experienced a ransomware attack over the past 12 months. For organizations with 3000-4999 employees, that figure rose to an astonishing 80%.
Of those organizations that have been breached, 17% admitted they paid the ransom. US respondents paid most often (25%), while Australian firms paid the least often (9%).
Worryingly, over a third (37%) of the IT decision-makers admitted they would pay a ransom following a successful attack. However, over half (57%) of this group said they would reverse that decision if they were required to publicly report the payment. This requirement could be put into law in the US under the Ransomware Disclosure Act, a bill recently introduced to the US Senate. This would force organizations to disclose any ransom payments to the Department of Homeland Security (DHS).
Less than a quarter (22%) said they believed paying a ransom to be “morally wrong.”
Despite the growing menace of ransomware, over three-quarters (77%) of the respondents said they were confident the tools they have in place will protect them from these attacks. Australian IT decision-makers had the most confidence (88%) of all the countries included.
However, the survey also found that most organizations do not use security controls that can prevent ransomware attacks early in their life cycle. For example, just 21% restrict the execution of all macros within Microsoft Office documents and under a fifth (18%) restrict the use of PowerShell using group policy.
Kevin Bocek, vice president ecosystem and threat intelligence at Venafi, commented: “The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know—these attacks are indiscriminate, debilitating and embarrassing.
“Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built into security and development processes.”
