Ransomware: Half of companies would pony up

When it comes to ransomware attacks, nearly half of companies (49%) say they would pay the ransom outright, and another 25% claim it depends on how expensive the ransom is.

This was one of the findings of Fortinet’s 2021 Global State of Ransomware Report, which also revealed that ransomware is more of a concern for most (85%) organisations than other cyber threats.

According to the report, ransomware grew 1070% year over year, with participants citing the evolving threat landscape as one of the top challenges in preventing ransomware attacks.

Commenting on the findings, John Maddison, EVP of products and CMO at Fortinet, says while most companies surveyed indicated they are prepared for a ransomware attack, having implemented employee cyber training, risk assessment plans, and cyber security insurance, there was a clear gap in what many respondents viewed as essential technology solutions for protection and the technology that can best guard against the most commonly reported methods to gain entry to their networks.

The number and frequency of attacks, he says, highlight the urgency for companies to ensure their security addresses the latest ransomware attack techniques across networks, endpoints and clouds.

“As evidenced by our ransomware survey, there is a huge opportunity for the adoption of technology solutions like segmentation, SD-WAN, zero trust network access (ZTNA), as well as SEG (srcure e-mail gateway) and EDR (endpoint detection and response), to help protect against the threat of ransomware and the methods of access most commonly reported by respondents,” he says.

Based on the technologies viewed as critical, respondents were most concerned about remote workers and devices, with secure Web gateway, VPN and network access control among the top choices. While ZTNA is an emerging technology, Fortinet says it should be considered a replacement for traditional VPN technology.

However, most concerning was the low importance of segmentation (31%), a critical technology solution that prevents intruders from moving laterally across the network to access critical data and IP, the company says.

Similarly, user and entity behavior analytics and sandboxing play a critical role in identifying intrusions and new malware strains, yet both were lower on the list. Another surprise was SEG at 33%, given phishing was reported as a common entry method of attackers.

The top concern when it comes to ransomware attacks was the risk of losing data, with the loss of productivity and the interruption of operations following closely behind.

While almost all of those surveyed felt they are moderately prepared and plan to invest in employee cyber awareness training, it emerged that organisations need to recognise the value of investing in technologies such as advanced e-mail security, segmentation, and sandboxing, in addition to the mainstay technologies.