GRC Viewpoint

A Recent Global Study Echoes the U.S Department of Justice’s Opinions on Ransomware Attacks

A recently held international survey by Venafi that comprised more than 1,500 IT professionals functioning as decision-makers found that about 60 percent of key IT professionals believe ransomware threats should be considered on par with terrorism.

Venafi empowers global leaders in the security arena automate effectively for maximum efficiency.

These findings echo the United States Department of Justice that had alarmed that the threat level associated with ransomware is beyond acceptable limits.

Around 67% of participants from enterprises with more than 500 employees reported significant ransomware threats over the last 12 months. Whereas, for organizations with an employee range of about 3000 to 4000, the figure stands at 80%.

About 17% of those who have been subjected to breach admitted they paid a ransom. The U.S had the greatest number of participants who admitted to breach and ransom payment.

What has been the most alarming about the study is that most of these enterprises lack a strict or adequate cyber security management policy that is on par with the requirements.

The study clearly says that the majority of these organizations are not leveraging the security controls that can easily break the ransomware kill chain, even in the primary stages of the impending cyber-attack. It has also been noted that most ransomware threats begin with a phishing email or emails containing malicious attachments. However, a mere 21% limit the execution of all of these macros within the Microsoft office documents.

However, on the one hand, the awareness of ransomware has undoubtedly increased. On the other hand, a significant concern would be the over-reliance on conventional methods that are more or less incompatible with the ever-changing threat management landscape. As a result, experts advise a total shift from traditional controls such as vulnerability scanning or VPNs to modern security technologies such as code signing.

Related Articles

Latest Articles