Almost two-thirds (60%) of IT decision makers believe ransomware threats should be prioritized at the same level as terrorism, according to the latest research by Venafi, a Salt Lake City-based provider of machine identity management solutions.
The research comes after the U.S. Department of Justice raised the threat level of ransomware following the Colonial Pipeline attack in May of last year.
“The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know; these attacks are indiscriminate, debilitating and embarrassing,” said Kevin Bocek, vice president ecosystem and threat intelligence at Venafi in a statement.
Over a third of survey respondents indicated they would agree to pay a ransom, but more than half (57%) indicated they wouldn’t if they had to publicly report it. About 22% of respondents believe paying a ransom is morally wrong.
Seventeen percent of respondents, whose companies were breached, admitted to paying the ransom, with U.S. respondents paying most often (25%) and Australian companies paying the least often (9%).
The Ransomware Disclosure Act, a U.S. Senate bill, would require companies to report ransomware payments within 48 hours.
When it comes to the tools to protect against ransomware attacks, more than three-quarters (77%) say they are confident in the tools they have. Australian IT decision makers have the most confidence in their tools (88%), compared with 77% in the U.S. and 70% in Germany.
The study also revealed that less than one-third of respondents have implemented basic controls that break the ransomware chain.
“Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built-in to security and development processes,” said Bocek in a statement.