Canadian organizations may be being hit harder by ransomware than many suspect, if an upcoming survey is representative.
Sixty-seven per cent of the 460 firms questioned said they had been victimized by ransomware in the past 12 months.
Worse is that a number of them were hit more than once — in fact some were victimized three times.
Just over 10 per cent of respondents said they were hit by the same ransomware several times because they couldn’t fully remove the malware, leaving their systems open for the attacker to return.
The full survey results will be released before the end of the year, said Kevin Lonergan, senior strategy manager Telus Cyber Security.
Lonergan described the numbers as “startling” and “eye-opening.”
Eighty-three per cent of respondents said their organizations had detected ransomware attempts in the past 12 months.
Larger organizations were more likely to have been hit than smaller ones (For example, in February the head office of Home Hardware was hit.)
The news wasn’t all bad: Sixteen per cent of respondents said they had beaten off a ransomware attack.
As for paying a ransom, 44 per cent of respondents said their firm paid up. However, only 42 per cent of those who paid said their organization was able to fully restore their data with the decryptor provided and just under half said access to their encrypted data was only partially restored. Lonergan didn’t say what had happened with the remaining eight or nine per cent of those who paid; the decryptor may not have worked at all, or they may have not received one.
That could play a factor in the decision by organizations to pay up.
“The most damaging ransomware attacks with the greatest impact to organizations are those affecting cloud-based IT systems,” Lonergan said the survey showed. This is because since the pandemic started many people are now working from home, so cloud services are increasingly targeted by threat actors.
The survey also suggested a number of best practices to defend against ransomware attacks, Lonergan said.
The most common way survey respondent firms were victimized was by exploiting misconfigurations in systems and devices. That method ranked higher than email. The conclusion, Lonergan said, is that “we really need to get better at managing vulnerabilities, prioritizing them.”
He also noted that almost 70 per cent of the firms that were able to defend against ransomware said they had a formal vulnerability management program.
It’s also important that organizations improve their incident response (IR) capabilities, Lonergan said. That was the number one way respondents said they should do better. Fewer than 60 per cent of respondents said they had a tested IR plan.
As for cyber insurance, only 40 per cent of respondents said their firm has coverage. However, of that group, two-thirds had used it to cover expenses with recovering from a cyber incident, suggesting it can be useful in at least partly paying incident costs.