Most organizations remain unprepared for ransomware attacks

Too many organizations are failing to meet cybersecurity demands. Ransomware attacks abound and humans are still the weakest link.

The gap between perceived and actual preparedness among respondents signifies the extent to which most businesses are still trying to identify and mitigate points of compromise that could be exploited by ransomware threat actors.

This split is particularly apparent in human training. Just two in five respondents said their organization fully implemented a training program for information security, email and ransomware. One in ten said their organization has no such training at all — the remainder have at least started the process.

“Humans are the weakest link and it’s almost always due to lack of training or simple human error,” Scott Lowe, CEO, co-founder and lead industry analyst at ActualTech, wrote in the report. The survey released last week was commissioned by HYCU, which provides cloud-based backup and recovery services.

The study also underscores a common theme in cybersecurity — follow through on preparedness, recovery and response is lacking, even though companies acknowledge threats. Crucial tools and services remain at heightened risk.

“A staggering 40% suffering a ransomware attack would be without business-critical systems for between two and 15 days,” Lowe wrote in the report.

To minimize downtime, organizations need to assess all of their systems and categorize them based on business importance, the study concluded. This exercise allows organizations to develop appropriate mitigation and recovery plans in line with potential risks and investments they’re willing to make in each category.

Read this and more at Cybersecurity DIVE

Spread the love