Only half of ransomware payments honoured

Organisations should focus on ransomware detection and prevention rather than holding contingency funds to pay off attackers, say security experts.

The futility of relying on ransom payment is underlined by the latest cyber threat report by research and marketing firm Cyber Edge Group, which shows that half of organisations that pay ransoms never get their data back, while the other half acknowledged complete data loss.

The statistics around successful recovery of data after paying ransom demands are “plain scary”, said Steve Piper, CEO of CyberEdge Group.

“In 2017, 55% of our respondents’ organisations were victimised by ransomware. Of those victims that refused to pay the ransom (61%), the vast majority (87%) recovered their data from backups.

“This just underscores how important it is to incorporate a sensible data backup strategy as part of an organisation’s cyber threat defence strategy, he said.

Terry Ray, chief technology officer of Imperva, said in light of the fact that ransom payment is no guarantee that data will be restored, companies need to stop ransomware attacks from the very beginning – before the encryption of data takes place.

“The best way to prevent an attack is to immediately detect ransomware file access behaviours before the ransomware spreads across the network and encrypts file servers. Once detected, you can quarantine impacted users, devices and systems,” he said.

The report, based on the responses of 1,200 IT security decision makers and practitioners from 17 countries, including the UK, and 19 industry sectors, also revealed that for the first time in five years, the proportion of organisations affected by a successful cyber attack decreased slightly from 79% in 2016 to 77% in 2017. Furthermore, the number of organisations victimised by six or more successful attacks fell from 33% in 2016 to 27% in 2017.

Security budgets set a new record in 2017, the report said, with the proportion of organisations with rising IT security budgets increasing from just 48% in 2014 to 79% in 2018. The report shows that the average IT security budget is set to rise 4.7% in 2018, accounting for 12% of the overall IT budget.

For the first time in five years, the report shows that a lack of skilled personnel trumped low security awareness among employees as IT security’s greatest inhibitor to success. In 2018, four in five organisation said they are experiencing an IT security skills shortage.

“The security skills shortage is well-documented so this isn’t a surprise. However, to help overcome deficiencies in their human teams, organisations can bolster their cyber defences and bridge the skills gap using machine learning (ML) and artificial intelligence (AI),” said Ray.

“ML software can perform preventative and analytical security processes and can detect threats at a much greater speed than humans, helping to prevent attacks.”

Nine in 10 organisations are experiencing cloud security challenges, the report shows, with maintaining data privacy at the top of the list.

“This tracks with our experience that companies are not yet fully aware of the complexities involved with securing cloud data, and nor are they adequately securing their applications in the cloud – a problem that is only getting bigger,” said Ray.

“The key to securing data in the cloud is knowing where it is (discovery), knowing who accesses it (monitoring), identifying what is “wrong” (analytics), and then taking action when something wrong is identified (remediation),” he said.