Part 2 of Intermedia's 2017 Data Vulnerability Report examines the ransomware-related
security habits of more than 1,000 office workers.
Our findings revealed that while companies do provide regular cyber security training, office
workers remain lax about following security best practices, which can have significant
financial ramifications for organizations of all sizes.
Despite headlines around WannaCry, Petya, and other ransomware outbreaks, as well as
efforts around employee education, confusion in the workplace remains regarding what
ransomware is and how it gets delivered. As a result, both employers and employees are
paying ransoms at record rates... when they don't need to.
The threat of ransomware, in which hackers infect devices with a virus and hold data hostage
until a sum of money has been paid, is only getting worse.
ACCORDING TO THE FBI, GLOBAL RANSOMWARE DAMAGE
COSTS ARE PREDICTED TO EXCEED $5 BILLION IN 2017,
WHICH IS UP FROM $325 MILLION IN 2015, AS REPORTED BY
THE CYBER THREAT ALLIANCE
SECOND ONLY TO HARDWARE FAILURE (30%), OFFICE
WORKERS SAID RANSOMWARE/CYBERATTACKS (29%) WERE
THE BIGGEST THREAT TO DATA LOSS WITHIN THEIR
of IT professionals were at least moderately
confident that employees in their company would
be able to identify an attempted ransomware
of office workers admit they aren't familiar with
MEN REPORT GREATER LEVELS OF AWARENESS
of male office workers
say they know what
of female office
workers say they know
what ransomware is
of office workers said their organization
regularly communicates about cyber threats
THIS INCLUDES COMMUNICATING
WITH EMPLOYEES ABOUT LARGE-SCALE GLOBAL
said their organization specifically
highlighted the WannaCry ransomware
attack as an example
Jonathan Levine, CTO, Intermedia
As ransomware continues to evolve and become more advanced, organizations of all sizes and types must acknowledge it as a very real threat. This is especially true for SMBs that may not have the resources, tools, or training that larger organizations use to recognize, prevent and protect themselves from such attacks. Ransomware can infiltrate and shut down an entire business through one infected computer. More often than not, SMBs feel they are forced to pay a ransom they can’t, but must, afford. And hackers realize this.
While the majority of companies communicate about the threat ransomware presents, employees aren’t always told what to do if they are a victim. In fact, data shows that office workers take actions that could dramatically undermine security efforts.
EMPLOYEES SHOULDER COSTS OF RANSOMWARE PAYMENTS
MORE OFTEN THAN EMPLOYERS
OF THE OFFICE WORKERS
have fallen victim to a ransomware attack at
work. Among them:
have paid a ransom
said their employer
(often considered the
group of employees)
paying a work-related
OF THOSE WHOSE
and have been hit by
ransomware, still paid
a ransom further
highlighting that office
workers don’t know
what to do if they are
Employees may see paying the ransom out of their
own pockets as the quickest and easiest way to get
their data back, when in actuality, 19% of the time
the data isn’t released, even after the ransom is
paid. Organizations need to focus education efforts
not just on what ransomware is, but what steps
employees should take if they are impacted.
THERE ARE A NUMBER OF REASONS WHY
EMPLOYEES WOULD PAY THE RANSOM
Joshua Sharfman, Chief Technology and
Innovation Officer, California
Association of REALTORS
Two years ago, we were hit
by a very good social
attack. A cyber criminal
emailed the exploit to a
hiring manager as an
'resume.zip' referencing an
open position we had. It was 6pm on a Friday,
and so by the time the individual had realized
what had happened Monday morning, around
100,000 files were encrypted. Because we
had taken proper business continuity
planning measures, we were able to do a
mass rollback of the infected files.
We didn't pay any ransom and suffered no
data loss. We've also changed our policy to
add Zip files to the list of executable files that
are blocked by our email filter.
Twice a month, we provide
cybersecurity education. We
also conduct company
contests. For instance, after
the Equifax breach, we held
email contests to identify four potential risk
areas within a dummy email. Following the
hurricanes, we notified employees that after
disasters, there are often exploits trying to
get people to donate to seemingly legitimate
causes. The sad reality is companies need to
assume that they are vulnerable. It is not a
matter of if, it is a matter of when. In addition
to having an incident response plan ready to
go, talk to employees regularly. Humans are
generally the weakest link. We're all best
served by helping everyone to maintain a high
degree of awareness. Create a company
culture where employees know to seek
assistance if they are suspicious, ideally
before, but also after they click.
HOW INTERMEDIA'S SECURITY SUITE HELPS PARTNERS TO DIFFERENTIATE
Koert Council, Partner at Kosh Solutions
The prevalence of high-impact cyberattacks has changed the way that organizations need to approach
security. This presents MSPs with a security specialization the opportunity to help clients better prepare and
safeguard against these threats, while scaling their own business. For instance, the surge in ransomware
attacks is a significant driver of our new customer signups. Intermedia’s backup and file sharing solution
enables us to restore clients’ access to impacted documents in just minutes following a range of scenarios,
from stolen or damaged devices to ransomware attacks and other mass infections. Intermedia’s security
services suite gives us a huge market differentiator.
Integrate ransomware education into your broader data breach and cybersecurity training efforts. However,
it’s not enough to just identify the risk. These regular communications must explain what employees should
do if they are hit. Otherwise, as our report identifies, employees could take matters into their own hands.
It’s these actions that could undermine security efforts, and result in days (if not weeks) of downtime. Be
sure to have a solid business continuity plan in place to keep your business up and running in the event of a
ransomware outbreak, including installing a continuous backup product such as Intermedia's SecuriSync®.
Ideally, if you have proper backup in place, you won't have to worry about paying a ransom in the first place.
Don’t worry if this sounds like a lot to take on yourself. Intermedia can help you develop an ongoing plan, in
addition to identifying local resources that can assist with the implementation process.
Check out the resources below for further information on preventing ransomware attacks, and to sign up to
receive the 3rd installment of our report on risky data and file sharing behaviors.
Intermedia offers a broad and tightly integrated suite of cloud solutions, including UCaaS, business email, file backup, sync & share,
collaboration, identity and access management, security, and archiving – all delivered by a single provider with one point of control. Companies want security, scalability, and someone to manage the intricacies of business IT for them, and that’s just what Intermedia delivers with enterprise-grade security, a 99.999% uptime service level agreement and J.D. Power-certified 24/7 support. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.
This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results were derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. The overall margin of error is +/- 2.95% at a 95% confidence interval.