More than 400 UK-based IT managers took part in the Foursys survey, revealing insights into their security posture. Over half of the respondents worked in organisations with more than 500 employees.
Overall, 62 per cent of respondents expect IT security to have a higher priority in 2016. 15 per cent of respondents reported an IT security breach in 2015. Of those who reported a breach:
- 42 per cent said they suffered a ransomware attack;
- 10 per cent reported significant disruption to systems;
- 11 per cent admitted to data loss as a result of the breach.
Ransomware is a malware technique that effectively takes your computer or network hostage by encrypting files, folders and/or applications. The goal is to extort money from the victims, often via difficult-to-trace digital currencies like Bitcoin, in exchange for restoring the files.
“With so many victims paying out, it is no wonder that ransomware is becoming more and more attractive to cyber criminals,” said James Miller, Managing Director at Foursys. “Once files are encrypted, you’d better hope your backups are secure and up to date, or pay the fine and keep your fingers crossed that the files will be decrypted!”
Even if hackers do unlock your encrypted files after receiving payment, cooperative victims might be revisited for future extortion.
Independent computer security expert Graham Cluley said: “Online extortion – whether it be by ransomware encrypting victims’ files and locking up computers, or demanding payment to stop blasting websites offline through denial-of-service attacks – is surging and only likely to get worse in the next six months. Unless companies take steps now to reduce the risks with a layered defence and recovery procedures they may find themselves struggling to cope.”
Foursys strongly advises UK organisations to review their security posture to prevent cyber attacks like ransomware: “The only real defence from ransomware attacks is prevention. Deter them by making your organisation a seriously ugly target,” continued Miller.
Foursys security experts recommend that organisations do the following to better prevent a ransomware attack:
- Ensure all security patches are up to date;
- Run the latest version of security software to prevent unauthorised access;
- Execute penetration tests to discover unknown vulnerabilities; and
- Ensure all staff, including senior management, are kept abreast of the latest threats and their impact on business continuity.
Backing up data regularly and ensuring it’s kept safe is equally important. This approach allows potential victims to restore normal operation without having to engage with criminals.
The post Ransomware behind 42% of IT security breaches in UK organisations during 2015 appeared first on IT SECURITY GURU.
Image source: Shutterstock/Martial Red