Security Awareness Training and Backup Deemed Most Effective to Combat Ransomware
(Tampa Bay, FL) June 21, 2016--A new survey by KnowBe4, the US’s most popular security awareness training & integrated phishing platform shows the growing volume of ransomware victims despite increased efforts to prevent it. This first long-term ransomware study was done in June 2016 on 1138 companies in a variety of industries and compares levels of concern over ransomware in 2014 to 2016
The study showed there is growing apprehension over ransomware, rising to 79% from 73% of those who are very or extremely concerned about it. There was a huge jump in companies hit directly by ransomware at 38% in 2016 compared to 20% in 2014. Midsize companies 250 -1000 were the hardest hit at 54%. Two out of three knew someone who was hit at 65% compared to 43% in 2014. IT professionals surveyed are even more worried ransomware will continue to grow scoring 93% over 88% in 2014.
“We thought it would be interesting to see the level of impact that ransomware has had in two years time. The threat of ransomware is very real and IT professionals are increasingly realizing traditional solutions are failing,” said Stu Sjouwerman, CEO of KnowBe4. “IT pros agree that end-user Security Awareness Training is one of the most effective security practices to combat these ransomware threats.”
Surprisingly, only 40% would rely on backup to solve the situation. However, faced with the potential scenario of several weeks of failed backups, nearly half say they would be forced to pay the ransom. This can have a grave impact on organizations as backups fail 50-66% of the time, according to the method used (tape vs cloud).
According to a report by Symantec, 47% of enterprises lost data in the cloud and had to restore their information from backups, 37% of SMBs have lost data in the cloud and had to restore their information from backups and 66% of those organizations saw recovery operations fail.
(Click image for larger version)
Additional highlights of the study include:
- 93% expect ransomware to increase the rest of 2016 over 88% in 2014.
- 61% feel email attachments pose the largest threat compared to 47% in 2014.
- A shocking 38% have been hit by ransomware compared with 20% in 2014. Companies with 250-1000 employees were the biggest targets at 54% compared with 1000+ employees at 41% and below 250 at 35%.
- In 2016, 65% know someone who has been hit compared to 43% in 2014. 71% of Tech companies know someone who has been hit, higher than education and banking who hover at or slightly above 50%.
- Manufacturing has been hit the hardest at 54% compared with 44% in Healthcare, Education at 35%, Tech at 29% and Banking at 28%.
- 89 % consider Security Awareness Training the most effective protection from ransomware, immediately followed by backup 83%, almost identical to 2014.
- Only 19 % feel their current solutions are very effective, while 70% feel they are somewhat effective.
- Confidence in email and spam filtering effectiveness is 72%.
- If faced with 4 hours of lost work from ransomware encryption, only 40% would rely on backup compared with 81% in 2014. 51% would just reformat and start from scratch (nuke).
- The study asked when confronted with a scenario where backups have failed and weeks of work might be lost, 42% would begin with paying the $500 ransom and hope for the best vs 57% in 2014.
Sjouwerman further stated, “Our study shows corporate awareness of phishing attack vectors has increased but users need more help as techniques evolve and criminal exploits become more sophisticated. The overwhelming majority of IT pros think the criminals behind ransomware should be prosecuted and sent to jail for a long time. KnowBe4 agrees, but US law enforcement has no jurisdiction in Eastern Europe where these criminals are largely free to commit their crimes, and we have to rely on our own ingenuity to recognize these threats.”
According to report by EMA, 41% of employees still receive no security awareness training, and the programs that do exist have varying effectiveness. KnowBe4 recommends frequent simulated phishing attacks to keep employees aware and on their toes. The company is so confident about the effectiveness of their program they offer a crypto-guarantee.
For more information visit www.KnowBe4.com
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. More than 4000 organizations in a variety of industries, including highly-regulated fields such as healthcare, finance, energy, government and insurance have mobilized their end users as a first line of defense using KnowBe4. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”
