Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to new research from the Neustar International Security Council (NISC). When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.
The study, which was commissioned by Neustar and run by Harris Interactive, comes just days after US meat processing giant, JBS confirmed it had paid $11 million to the REvil ransomware gang, which locked its systems at the end of May. Earlier this month, Japanese multinational conglomerate, Fujifilm said it had refused to pay a ransom demand to the cyber gang that attacked its network in Japan, instead relying on backups to restore operations.
As a result of these recent high-profile attacks, 80 percent of cybersecurity professionals reported placing more emphasis on protecting against ransomware threats. When questioned about the technologies available to help them do so, the majority (74%) of respondents found current solutions to be either ‘very’ or ‘somewhat’ sufficient in detecting, preventing, and mitigating attacks. A quarter (26%), however, perceived the technologies available to be ‘somewhat’ or ‘very’ insufficient.
Rodney Joffe, NISC Chairman, SVP and Fellow at Neustar commented: “Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts especially if they see that companies are willing to pay. This spiral upwards must be stopped. The better alternative is to invest proactively in mitigation strategies before the attacks, including the use of qualified providers of “always-on” monitoring and filtering of traffic as part of a layered security approach.”
On high alert
During March and April, 69% of respondents perceived ransomware as an increasing threat to their organization, marking their top concern across more than a dozen threat vectors and representing a 16% spike in the average survey response over a two-year period.
This escalated concern accompanies an ongoing surge of high-profile ransomware attacks against private and public sector targets globally. In the U.S., ransomware has driven major disruptions to regional energy (Colonial Pipeline) and food (JBS) supply chains, while more localized attacks targeting healthcare, education and government services have wreaked havoc on communities and put lives in danger.
“With less than three in ten (28%) cybersecurity professionals feeling very confident that all members of their organization know the appropriate measures to take in the event of a ransomware attack, it’s no surprise that the level of concern is rising,” Joffe continued. “Given that more than a third (35%) also perceive guidance from government/official bodies to be insufficient it’s essential that organizations take matters into their own hands and educate all their employees on best practice cybersecurity processes.”