2 in 3 firms faced ransomware attack

Most organisations (85%) are more concerned about ransomware than other cyberthreats, findings of the 2021 Global State of Ransomware Report from FortiGuard Labs show.

The report is based on a survey conducted in August 2021 and covered 455 IT and security leaders from small as well as mid- to large-sized organisations in 24 countries across the world.

Fortinet said that while the majority of firms surveyed indicated they are prepared for a ransomware attack — including employee cyber training, risk assessment plans, and cybersecurity insurance — there was a clear gap in what many respondents viewed as essential technology solutions for protection and the technology that can best guard against the most commonly reported methods to gain entry to their network.

Based on the technologies viewed as essential, organisations were most concerned about remote workers and devices, with Secure Web Gateway, VPN and Network Access Control among the top choices. 

The top concern of firms regarding a ransomware attack was the risk of losing data, with the loss of productivity and the interruption of operations following closely behind. In addition, 84% of organizations reported having an incident response plan, and cybersecurity insurance was a part of 57% of those plans. 

With regard to paying ransom if attacked, the procedure for 49% was to pay the ransom outright and, for another 25%, it depends on how expensive the ransom is. Of the one-quarter who paid ransom, most, but not all, got their data back.

While concerns about ransomware were reasonably consistent across the board, there were some differences regionally. Respondents in Europe, Middle East and Africa (95%), Latin America (98%), and Asia Pacific including Japan) (98%) were only slightly more concerned about ransomware attacks than their peers in North America (92%). 

Fortinet said that while almost all of those surveyed felt they are moderately prepared and plan to invest in employee cyber awareness training, organisations need to recognise the value of investing in technologies like advanced email security, segmentation, and sandboxing — in addition to the mainstays of NGFW, SWG, and EDR, to detect, prevent, and limit ransomware.

“The high amount of attacks demonstrates the urgency for organisations to ensure their security addresses the latest ransomware attack techniques across networks, endpoints, and clouds,” said John Maddison, EVP of products and CMO at Fortinet. “The good news is that organisations are recognising the value of a platform approach to ransomware defense.”