kaptn - Fotolia

Only half of ransomware payments honoured

Only half of ransomware victims who pay ransoms to cyber criminals recover their data, a report reveals, pointing to a need for more effective strategies to deal with these attacks

Organisations should focus on ransomware detection and prevention rather than holding contingency funds to pay off attackers, say security experts.

The futility of relying on ransom payment is underlined by the latest cyber threat report by research and marketing firm Cyber Edge Group, which shows that half of organisations that pay ransoms never get their data back, while the other half acknowledged complete data loss.

The statistics around successful recovery of data after paying ransom demands are “plain scary”, said Steve Piper, CEO of CyberEdge Group.

“In 2017, 55% of our respondents’ organisations were victimised by ransomware. Of those victims that refused to pay the ransom (61%), the vast majority (87%) recovered their data from backups.

“This just underscores how important it is to incorporate a sensible data backup strategy as part of an organisation’s cyber threat defence strategy, he said.

Terry Ray, chief technology officer of Imperva, said in light of the fact that ransom payment is no guarantee that data will be restored, companies need to stop ransomware attacks from the very beginning – before the encryption of data takes place.

“The best way to prevent an attack is to immediately detect ransomware file access behaviours before the ransomware spreads across the network and encrypts file servers. Once detected, you can quarantine impacted users, devices and systems,” he said.

The report, based on the responses of 1,200 IT security decision makers and practitioners from 17 countries, including the UK, and 19 industry sectors, also revealed that for the first time in five years, the proportion of organisations affected by a successful cyber attack decreased slightly from 79% in 2016 to 77% in 2017. Furthermore, the number of organisations victimised by six or more successful attacks fell from 33% in 2016 to 27% in 2017.

Read more about backup

  • NHS trust gets Commvault to cut backup times and get set for GDPR.
  • Biggest pain in backup is lack of storage capacity, survey finds.
  • Backup methods pros and cons: Full, incremental, differential, synthetic full, incremental forever, and reverse incremental. We set out the advantages and drawbacks of each.
  • Healthcare organisation sweeps away chaotic backup situation and standardises on Veeam Backup & Replication to save £350,000 a year in management and maintenance costs.

Security budgets set a new record in 2017, the report said, with the proportion of organisations with rising IT security budgets increasing from just 48% in 2014 to 79% in 2018. The report shows that the average IT security budget is set to rise 4.7% in 2018, accounting for 12% of the overall IT budget.

For the first time in five years, the report shows that a lack of skilled personnel trumped low security awareness among employees as IT security’s greatest inhibitor to success. In 2018, four in five organisation said they are experiencing an IT security skills shortage.

“The security skills shortage is well-documented so this isn’t a surprise. However, to help overcome deficiencies in their human teams, organisations can bolster their cyber defences and bridge the skills gap using machine learning (ML) and artificial intelligence (AI),” said Ray.

“ML software can perform preventative and analytical security processes and can detect threats at a much greater speed than humans, helping to prevent attacks.”

Nine in 10 organisations are experiencing cloud security challenges, the report shows, with maintaining data privacy at the top of the list.

“This tracks with our experience that companies are not yet fully aware of the complexities involved with securing cloud data, and nor are they adequately securing their applications in the cloud – a problem that is only getting bigger,” said Ray.

“The key to securing data in the cloud is knowing where it is (discovery), knowing who accesses it (monitoring), identifying what is “wrong” (analytics), and then taking action when something wrong is identified (remediation),” he said.

Malware threats

Organisations are most concerned about malware threats, followed by ransomware, phishing attacks and credential abuse or account takeover attacks. Insider threats has fallen from third place in 2017 to tenth place in 2018.

“This statistic does raise a red flag because while concern over insider threats has decreased over the last year, organisations should not overlook the threat as it is still very real,” said Ray.

“To protect against insider threats, organisations can depend on solutions that leverage machine learning to analyse patterns in user behaviour and detect insider threats at a much greater speed than humans.”

In line with several other recent security threat reports, the Cyber Edge Group report identifies application containers such as Docker, Cloud Foundry, and Kubernetes as IT security’s new weakest link.

The IT security technologies most planned for acquisition in 2018 include: advanced malware analysis and sandboxing for network security, containerisation and micro-virtualisation for endpoint and mobile security, and API gateway technologies for application and data-centric security.

Read more on Hackers and cybercrime prevention