Menlo Security Report: Ransomware Attacks Are Increasing and Email Tops the List
Are ransomware attacks slowing down? Absolutely not, according to a new research report “2022 Impacts: Ransomware attacks and preparedness,” released by Menlo Security on August 3.
In fact, Menlo, a cloud security company based in Mountain View, California, found that a one-third of organizations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day, stated a news release.
For its report, Menlo Security commissioned SAPIO Research in June 2022 to conduct the research using an email invitation and online survey. SAPIO queried more than 500 IT security professionals in the U.S. and U.K. from companies of more than 1,000 employees.
When Menlo asked respondents “what keeps them awake at night,” 41% said they “worry about ransomware attacks evolving beyond their team’s knowledge and skillset.” Also, 39% “worry about attacks evolving beyond their company’s security capabilities.”
Forty-six percent said their biggest concern is the risk of employees ignoring corporate security advice and clicking on links or attachments containing malware, according to the report. Comparatively, only 26% of respondents are worried about losing their job.
More findings from the Menlo Security report include:
- 61% of U.S. organizations and 44% in the U.K. have been the victim of a successful ransomware attack in the last 18 months.
- One in 10 admit they are unable to identify how the attacks got into company systems.
- The top three ransomware attack vectors are email (54%), web browsers via a desktop or laptop (49%) and mobile devices (39%).
Mark Guntrip, senior director of Cybersecurity Strategy at Menlo Security, added perspective to the survey results:
“Security professionals are coming under increasing pressure as organizations face an unprecedented number of highly sophisticated threats like ransomware. On the frontline of cyber defense, they are often coping with huge amounts of stress, worrying about what employees are doing, their team and whether they are getting the right support internally, so it’s no surprise they are prioritizing the business over job security. Indeed, the burnout and high churn rate of CISOs is widely reported.”
Ransomware Recovery Costs Underestimated
There is a growing disparity between the perceived cost and actual cost of recovering from a ransomware attack among security professionals, according to the report. The findings note that the average estimated cost of a ransomware attack on a business is more than $326,531. Moreover, insurance payouts can average approximately $555,000.
However, Menlo Security reports that a “significant minority” (24%) admit they don’t know the value of their insurance policy or if they even have coverage. Menlo notes industry figures that show the average total cost of recovery from a ransomware attack in 2021 was $1.4 million.
To Pay or Not to Pay
Should an organization pay a ransomware demand? The survey found that 32% of decision-makers worry about the risk of paying a ransomware demand and not getting their data back. However, nearly two-thirds of respondents said they would pay a ransomware demand.
There is a disparity of opinion on who should pay ransom, or if it should be paid at all:
- About 31% of respondents said it’s down to their insurance company to pay ransom.
- Nearly one in five said the government should pay.
- 27% said they would never pay a ransomware demand.
Guntrip explained that paying a ransomware demand depends on your level of preparedness:
“Do you have the right processes and strong backup in place? If so, you won’t need to pay it. If, however, your organization is unable to function as normal, access data or the damage is likely to bring down the business, that’s when you need to re-evaluate your options. With organizations adopting new ways of working and today’s Highly Evasive Adaptive Threats (HEAT), now is the time to re-examine your security structures to make sure you stop attacks before they even happen.”
Additional Findings from the Report
- 45% of survey respondents implement a data backup or recovery plan as the first step in the event of a ransomware attack.
- 37% inform their employees about an attack and 33% tell customers, while only 29% will contact the CEO or Board in the first instance. One in 10 admit they don’t know what step one is.
- Employees are seen as the “weakest link” in terms of cybersecurity, with U.K. respondents (52%) more worried about them than in the U.S. (33%).
- 56% of respondents are confident in their solutions for remote worker protection, despite 34% admitting that vulnerable remote workers are one of the biggest challenges when protecting against ransomware.