Security training provider KnowBe4 released the results of its June 2014 survey on ransomware, which found that while more IT pros than ever before are concerned about the risk of being hit with system-locking malware, a vast majority believe security awareness training and data backup are the most effective ways to stave off a serious attack.
In its latest study, KnowBe4 surveyed more than 300 IT pros to gauge the overall level of concern regarding a serious ransomware attack. The survey utilized the same set of questions as a similar survey conducted by IT Security company Webroot in January and compared the resulting changes in response.
After analyzing the data from both surveys, KnowBe4 found a growing number of IT pros are concerned about a serious ransomware attack, with 73 percent of respondents saying they were extremely concerned. Compared to the 48 percent of respondents in January who responded similarly, the survey shows a drastic increase in apprehension over potential attacks. Of those surveyed, 88 percent believe ransomware will increase for the remainder of the year, compared to 66 percent of respondents in the previous survey.
“We thought it would be interesting to use the same questions to see what impact ransomware has had in six months time. We found the threat of ransomware is very real and IT professionals are increasingly realizing traditional solutions like endpoint security are failing,” said Stu Sjouwerman, CEO of KnowBe4, in a statement. “IT pros agree that end user security awareness training is one of the most effective security practices to combat these ransomware threats.”
While KnowBe4’s forte lies in providing security awareness training, a large percentage of respondents feel backup is another viable option to work around the threat of ransomware. However, the company cites a 2013 report from Symantec (SYMC), which found that 66 percent of respondents saw recovery operations fail when attempting to restore lost data, signaling that backup and recovery is not always a solution for restoring enterprise data.
In KnowBe4’s survey, nearly half of respondents felt email attachments posed the largest threat to their organizations, with overall confidence in email and spam filtering effectiveness dropping from 88 percent in January to 64 percent in June. In accordance with KnowBe4’s own suggestions, 88 percent of respondents said security awareness training was the most viable option for protection, compared to 81 percent who believe backup is the No. 1 fix for lost data. Currently, less than a quarter of those surveyed feel their current solutions are very effective, while an additional 72 percent feel they are only somewhat successful in preventing attacks.
With overall confidence in endpoint security measures dropping from 96 percent in January to 59 percent in June, it is worrying to think cyberterrorists are effectively winning the war on enterprise security with their increasingly advanced attacks. Even more disturbing, 57 percent of IT pros surveyed by KnowBe4 said they would agree to paying a ransom if it offered the possibility of recovering weeks worth of enterprise data.
While there is no quick fix for the current ransomware environment we all live and work in, it is important to remember there are ways to combat malicious attacks, with awareness training being only one solution. If enterprise users are to give themselves the best chance of preventing corporate data loss from hackers, they should not rely on a single methodology but instead utilize all of the tools and skills available to their particular organizations.