The UK’s largest independent cyber threat management company, Adarma, has discovered that organizations are confident in the face of ransomware. Adarma surveyed 500 C-level executives at UK organizations with more than 2,000 employees, and results showed that 58% of the respondents had experienced a ransomware attack. However, Adarma’s research also showed that 95% of the business leaders were confident in responding to these attacks effectively.
Meanwhile, more than two-thirds of the organizations that reported having suffered a ransomware attack admitted to paying the ransom.
Only 22% of the business leaders had response plans in case of an attack. One-fifth of the organizations that have put response plans in place did not have departments outside of the IT and security operations involved, being a crucial part of a strong incident response plan.
When researchers asked business leaders who takes responsibility for an attack, 33% stated they would blame the board. While 48% said that they would accuse the IT security team. Also, 19% stated that the individual who clicked on a phishing link would be responsible for the attack.
To reduce the risk of ransomware attacks on businesses, there are several steps that organizations can take, from adequate preparation and preventive measures to detection, eradication, disruption, containment, and response.
The attack surfaces of business organizations must be reduced. Along with the hardening of their systems, deployment of preventive and detective controls, implementation of a well-thought-out response plan. Also, they should test the effectiveness of their organization’s defenses regularly.