Sophos Research: Organizations Hit By Ransomware Are Never the Same

Once ransomware strikes organizations, they’re never able to fully recover, according to new Sophos research.

Sophos interviewed 5,000 IT decision makers in 26 countries. All respondents are from organizations with 100-5,000 employees.

IT managers at organizations hit by ransomware are nearly three times as likely to feel “significantly behind” when it comes to understanding cyberthreats. That’s compared to their peers in organizations that were unaffected – 17% versus 6% – according to the Sophos research.

Furthermore, more than one-third of ransomware victims said their biggest cybersecurity challenge is recruiting and retaining skilled IT security professionals. That’s compared to just 19% of those who hadn’t been hit.

Less Optimistic

John Shier is senior security advisor at Sophos.

Sophos’s John Shier

“One surprising finding is the divergence in perception to preparedness and risk between the organizations that have been hit by ransomware versus those who haven’t,” he said. “Organizations that have been hit by ransomware seem to be less optimistic about their preparedness and their ability to withstand future attacks. This isn’t to say that those organizations with higher levels of confidence are wrong because they might indeed be more prepared. This could be the result of those organizations spending more time on prevention versus the victim organizations.”

It’s possible that victim organizations start out confident and then turn once attacked, Shier said.

What’s encouraging are the large number of respondents who plan to bolster their detection capabilities, He said. That’s despite a challenge with recruiting and retaining skilled workers.

“It shows that in this increasingly digital world, humans are still a very important part of security,” Shier said.

Getting Back on Track

When it comes to security focus, ransomware victims spend proportionally less time on threat prevention (43%) and more time on response (27%). That’s compared to 49% and 22%, respectively, for those who haven’t been hit.

To get back on track, organizations need to have the right tools to do so, Shier said.

“Specifically, they need tools that can help them understand how and when the attack took place, and [which] systems were impacted,” he said. “Without this information, it can be nearly impossible to fully remedy the situation since there’s a chance a compromised system will get missed and methods of entry will be overlooked.”

It’s encouraging that more than three in four organizations are patching their systems and applications within a week, Shier said.

“When combined with the State of Ransomware report, what the data also reveal is that companies that patch the fastest are not at reduced risk for ransomware,” he said. “It highlights the fact that ransomware protection is a complex interaction between people, processes and technologies.

Battling future attacks means a focus on prevention and layered security, he said. That includes prevention against known and unknown threats, and also against new tactics and vulnerabilities.

Examples of an effective layered security defense include:

• Network tools that can detect, block and isolate systems that are exhibiting suspicious or malicious activity.
• Sandboxing technology that can stop threats coming in through phishing, spam or web downloads.
• Endpoint protection that can prevent exploits, block ransomware and stop active adversaries.
• User-aware context that understands what normal looks like in your environment and responds to deviations.
• A strong security culture that understands IT security is everyone’s responsibility.