Cloudian Ransomware Survey Finds 65% of Victims Penetrated by Phishing Had Conducted Anti-Phishing Training
SAN MATEO, Calif., July 15, 2021 — Cloudian today issued its 2021 Ransomware Victims Report, based on an independent survey of 200 IT decision makers whose organizations experienced a ransomware attack between 2019 and 2021. The survey found that traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack. Citing this and other findings from the survey—including the widespread impact of the attacks and the average financial costs totaling over $400,000—the report calls for organizations to focus greater attention on putting systems in place that enable quick data recovery in the event of an attack, without paying ransom.
Despite Defensive Measures, Ransomware Gets In
Many organizations spend large portions of their cybersecurity budget on defensive measures such as anti-malware software and anti-phishing training for employees. Despite these efforts, however, ransomware attacks have become increasingly sophisticated, enabling cybercriminals to penetrate the defenses. The survey found that:
- Phishing continues to be one of the easiest paths for ransomware, with 24% of ransomware attacks starting this way.
- Phishing succeeded despite the fact that 54% of all respondents and 65% of those that reported it as the entry point had conducted anti-phishing training for employees.
- 49% of respondents had perimeter defenses in place prior to the successful attack.
- Public cloud was the most common point of entry for ransomware, with 31% of respondents being attacked this way.
Attackers Move Fast and the Impact is Widespread
Once cybercriminals are able to insert ransomware, they can quickly take over and significantly impact all aspects of an organization:
- 56% of survey respondents reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30% said it happened within 24 hours.
- More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers and reputation.
The Financial Costs Go Beyond Just Ransom Payments
Ransom payments are significant and rising, but they’re not the only costs of an attack. For the 55% of respondents that chose to pay the ransom:
- The average ransom payment was $223,000, with 14% paying $500,000 or more.
- They spent an average of $183,000 more for other costs resulting from the attack.
- Cyber insurance covered only about 60% of the ransomware payment and other costs, presumably reflecting deductibles and coverage caps.
- Despite paying ransom, only 57% of respondents got all their data back.
“The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it,” said Jon Toor, chief marketing officer at Cloudian. “Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack.
The best way to do so is to have an immutable backup copy of your data, which prevents hackers from encrypting or deleting the data for a specified period of time. As a result, organizations can recover an unencrypted copy of their data in the event of an attack without having to pay the ransom.”
To read the full 2021 Ransomware Victims Report, visit https://bit.ly/Cloudian2021RansomwareReport.
About the Ransomware Survey
The survey was conducted among 200 IT decision makers in the US whose organization had experienced a ransomware attack in the last two years. The interviews were conducted online by Sapio Research in April 2021 using an email invitation and an online survey.
Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. In this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.9 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.
Sapio Research is a global, full-service market research consultancy providing high quality insights which deliver against key business objectives and inform messaging.
Cloudian is a widely deployed independent provider of object storage. With a native S3 API, it brings the scalability and flexibility of public cloud storage into the data center while providing ransomware protection and reducing TCO by 60% or more compared to traditional SAN/NAS and public cloud. The geo-distributed architecture enables users to manage and protect object and file data across sites—on-premises and in the cloud—from a single platform. Available as software or appliances, Cloudian supports conventional and containerized applications. More at cloudian.com.