A new survey by cybersecurity firm Hornetsecurity highlights pressure points in the ransomware landscape. The data showed that over nine in ten businesses are aware of the devastating impact of ransomware attacks.
Despite this, just 54% of respondents said their leadership is actively involved in conversations and decision-making regarding ransomware prevention, while 39.7% say they are content to leave it to IT to deal with the issue.
The survey also highlighted some positive trends. For example, 87.8% of respondents have implemented a disaster recovery plan for potential attacks. Of the minority who don’t have a plan, over half cited lack of resources or time as the primary reason, and one-third noted that such a plan is ‘not considered a priority by management.’
“Our annual Ransomware Survey is a timely reminder that ransomware protection is key to ongoing success. Organizations cannot afford to become victims – ongoing security awareness training and multi-layered ransomware protection are critical to ensure there are no insurmountable losses,” said Daniel Hofmann, CEO of Hornetsecurity.
Another positive trend in the survey was the decline in ransomware attacks seen by Hornetsecurity when compared to their data over the past three years. The number went from 21.1% of companies reporting falling victim in 2021 to 19.7% in 2023.
However, according to Sophos, a British cybersecurity firm, the UK's average payment from a ransomware attack rose in 2023, surpassing the global average. This suggests that while ransomware frequency might be dropping, it is likely that ransomware gangs are simply targeting more strategic victims that offer bigger pay-outs.
“Although organisations have reported fewer ransomware attacks in 2023, the threats haven’t necessarily decreased. Cybersecurity awareness among all users remains a crucial element to further decrease the risk of falling for these threats, especially as attacks become more sophisticated with new technologies,” continued Hofmann.
The most common strategies and tools to combat ransomware threats are endpoint detection software with anti-ransomware capabilities, email filtration and threat analysis, and AI-enabled security solutions, along with using immutable storage, implementing tight control of user and application permissions, and employing air-gapped storage.