How long does it take to recover from a ransomware infection?
It Takes 33 Hours according to a recent survey by Vanson Bourne of 500 cybersecurity decision makers that was sponsored by SentinelOne.
Here are some stats to chew on from the survey:
- 48% had been hit by at least one ransomware attack in the last 12 months
- The average victim was hit six times.
- 81% report that the ransomware attacker gained access to their organization’s network through phishing via email or social media network.
- 50% report that the attacker gained access through a drive-by-download caused by clicking on a compromised website.
- 40% state that it was through an infection via a computer that was part of a botnet.
- 94% stated that there was an impact on their organization as a result of these ransomware attacks.
- The most common impacts are:
- Increased spending on security (67%)
- Change of IT security strategy to focus on mitigation (52%)
- 54% of those surveyed agree that their organization has lost faith in traditional cyber security.
- 44% also agree that antivirus is dead.
- Despite this, the majority of respondents’ organizations install antivirus on all company owned static devices.
If you want to dig more into the details here is a link to the blog post where we picked up the info.
Ransomeware continues to be a problem, and it is most often exploited by users who are uneducated about basic cybersecurity and IT security practices such as:
- Not opening emails they didn't expect to get.
- Not clicking on links in these emails.
- Reviewing links in emails (by hovering over them) to ensure they go where they say they go.
At the same time organizations continue to take a "light" approach to security by not implementing:
- Basic IT policies and procedures
- Industry and regulatory specific policies and procedures
- Basic IT security practices now expected such as:
- Intrusion Detection Systems.
- Security Information and Event Management Systems.
- User web browsing control systems (Content filtering, employee internet management)
- Removal of administrative privileges to personal computers.
- Mobile device management for phones, tablets and laptops.
- Wireless authentication protocols.
- Ongoing vulnerability scanning, internally and externally.
These systems used to be advanced, but are now becoming the basics that any organization needs to have in place to protect itself, mitigate the reality of an incident and be able to recover.