Traditional ransomware defenses are failing businesses

Half of ransomware victims had perimeter defenses set up at the time of the attack.



Traditional cybersecurity strategies are failing to protect organizations from ransomware attacks, new research suggests.

According to a paper from storage firm Cloudian, based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defenses set up at the time of the attack.

However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while in almost a third (31 percent) the attackers enter the network through the public cloud.

In the majority of cases, it takes attackers less than 12 hours to seize control of all data on a network and demand a ransom fee, Cloudian says. The average ransom payment sits at $223,000, while 14 percent paid at least $500,000 to get their data back. Companies that agreed to pay the ransom also lost an average of $183,000 on other costs related to recovery.

While cyber insurance covers about 60 percent of the costs, this still leaves quite the hole in the victim’s pocket.

“The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it,” said Jon Toor, CMO at Cloudian. “Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack.”

“The best way to do so is to have an immutable backup copy of your data, which prevents hackers from encrypting or deleting the data for a specified period of time. As a result, organizations can recover an unencrypted copy of their data in the event of an attack without having to pay the ransom.”