New Venafi research shows 57% of companies would change their mind about paying ransoms if they had to report them
Venafi®, the inventor and leading provider of machine identity management, today announced the findings of a global survey of more than 1,500 IT security decision makers that reveals almost two-thirds (60%) believe ransomware threats should be prioritized at the same level as terrorism. These opinions echo the U.S. Department of Justice, which raised the threat level of ransomware following the Colonial Pipeline attack earlier this year.
Other key findings include:
- Over two thirds (67%) of respondents from organizations with more than 500 employees experienced a ransomware attack over the last 12 months—a figure that rose to 80% for respondents from organizations with 3,000-4,999 employees.
- Although over a third (37%) of respondents would pay the ransom, more than half of this group (57%) would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.
- Despite the rising number of ransomware attacks, more than three quarters (77%) say they are confident the tools they have in place will protect them from ransomware attacks. Australian IT decision makers have the most confidence in their tools (88%), compared with 71% in the U.S. and 70% in Germany.
- Twenty-two percent believe paying a ransom to be “morally wrong.”
- Seventeen percent of those breached admitted they paid the ransom, with U.S. respondents paying most often (25%) and Australian companies paying least often (9%).
“The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know—these attacks are indiscriminate, debilitating and embarrassing,” said Kevin Bocek, vice president ecosystem and threat intelligence at Venafi. “Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built into security and development processes.”
The study shows that most organizations are not using security controls that break the ransomware kill chain early in the attack cycle. Many ransomware attacks start with phishing emails that include a malicious attachment—but just 21% restrict the execution of all macros within Microsoft Office documents. Less than a fifth (18%) of companies restrict the use of PowerShell using group policy, and only 28% require all software to be digitally signed by their organization before employees are allowed to execute it.
For more information, please read the report or visit the blog.
About the research
Conducted by Sapio Research, Venafi’s survey evaluated the opinions of 1,506 IT security officers across the U.K., Australia, France, Germany, Benelux and the U.S.
About Venafi
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT— at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With over 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.
The post Ransomware Study: Two Thirds of Security Professionals Believe Ransomware and Terrorism Threats Are Equal appeared first on .
