IT security remains highly challenging for organisations across the globe – the gap is growing between the knowledge and skills of the attackers and that of the IT professionals charged with stopping them.
The cybersecurity landscape is complex and evolving fast especially when it comes to ransomware, the most widespread and damaging threat facing connected businesses today.
According to a recent Sophos survey, ransomware attacks are prolific – both globally and in Australia. In fact, 54% of organisations have been hit by ransomware in the past 12 months and 77% of those hit thought they were running up-to-date antivirus protection.
This demonstrates a huge gap between the protection technologies being adopted in the market and their ability to protect. What’s more, the financial implications of ransomware are on the rise – costing on average A$822,251 per attack.
The right technology
Traditional methods of protection are no longer enough to keep organisations ahead of today’s threats. Ransomware, for example, works by extorting money from victims by encrypting their files until the ransom has been paid.
Plus, one of the biggest challenges in the fight against ransomware is that there are thousands of variants, constantly being reinvented and used for attacks. At the same time, more than half of Australian businesses (54%) do not have specific anti-ransomware technology installed; contributing to ransomware’s continuous success.
And, unlike lightning, ransomware does strike twice. On average, affected organisations were hit by ransomware twice in the past year as attackers are no longer removing previous victims from their target lists.
Some sectors are at higher risk. The survey found that healthcare was the top target, followed by energy, professional services and retail. Financial services are least likely to have suffered a breach, but four in 10 have fallen victim to a ransomware attack in the past year.
Despite healthcare having the highest propensity to suffer an attack (76%), it is also the sector with the highest level of anti-ransomware protection in place (53%).
What’s next?
Businesses must be ready to protect and prepare themselves for today’s cybersecurity threats.
The key learnings to remember are:
-
You are a target
ransomware does not discriminate – small, medium and large companies have all been hit, expect to be a target and prepare to safeguard accordingly.
-
Get educated
employees can be an organisation’s weakest link or strongest security advocate; it is vital that they have the training and skills to ensure they are not the former.
-
Investigate advanced technologies
traditional antivirus and end-point security will only block known ransomware variants but with these variants evolving every day, it is critical for organisations to deploy next-generation technologies that will block zero-day attacks.
-
Patch early and patch often
weaknesses in software are commonly used by hackers to gain access to systems; patching early and patching often is the only way to overcome this.
-
Invest now
the cost of the technology is a fraction of the cost of the impact of an attack, which has the potential to bankrupt organisations both financially and in terms of reputation – businesses cannot forget this when investigating their security options.