Keeper Security released a report on the fallout from ransomware attacks. It found that companies had to deal with multiple negative effects after an attack, including impacts on productivity, budgets, reputation, and security posture. Most importantly, the study found that the security measures these companies put in place after the attack could have prevented most of the attacks that took place.
TechRepublic published an article detailing the findings of the study and what they could mean for businesses down the road. Keeper Security surveyed over 2,000 professionals in the U.S. and found that 93% of respondents saw tightened budgets in non-security departments following the ransom payment. This, along with other results, shows that an entire organization will have to deal with the burden of a successful ransomware attack.
“The realities of being hit by a ransomware attack, especially for a smaller company, are much more terrifying than most people realize,” says Keeper Security CEO and co-founder, Darren Guccione, in the TechRepublic article.
Almost half of the respondents claimed to have paid the ransom, and 22% would not disclose this information. This shows that far more companies than expected are paying ransoms, which security experts advise never to do.
Keeper Security notes that business leaders want to prevent any further malicious movement through their network while appeasing and satisfying their customers, and that cybercriminals rely on this turmoil and fear to convince companies to pay.
Organizations do not want to deal with the public fallout of these attacks: 15% did not disclose the attack to customers and partners, and 26% did not disclose it to the public. Companies do not want the stigma that follows being attacked, as 64% thought being a victim had a negative impact on their reputation. This fear also gives the attackers even more leverage.
Despite all of this, many are not taking the required security steps to prevent such an attack, and 29% of employees were not familiar with ransomware attacks until their company became a victim. Half of these attacks are triggered by phishing emails, which indicates that, alongside the technical steps to better secure their networks, companies also need to educate employees about these attacks.
Keeper Security found that attackers tend to go after companies that do not use multi-factor authentication (MFA) and that 62% of victims implemented MFA following the attacks. Keeper Security strongly suggests that companies implement the necessary security updates before an attack takes place, as these attackers are becoming bolder and more strategic.
“Given the overwhelming prevalence of these attacks, it’s shocking to see how many employees are left in the dark until it happens to them,” says Mark Cravotta, Chief Revenue Officer of Keeper Security, in the TechRepublic article. “Investing in cybersecurity measures like MFA, password management solutions and awareness training might seem like an unnecessary expenditure to companies with tighter budgets, but the costs pale in comparison to the ramifications of being the victim of a ransomware attack.”