With ransomware attacks becoming increasingly common, a surprising number of companies and organizations are sadly unprepared for the consequences of such a blow to their infrastructures. The FBI fielded approximately 2,500 reports of ransomware infections in 2015, which only counts those who swallowed their pride and stepped forward to report the incident to the agency. Estimates are that up to ten times that many were actually attacked by ransomware or a similar malware variant and chose to fight it in their own way, silently. Or worse, they paid the ransom, which only encourages cybercriminals and doesn’t guarantee at all that locked-up files will even be returned to you. IT experts would agree that it is a big mistake to “go it alone” or pay the ransom. The best preparation, studies clearly show, is education, and letting experts handle data breach occurrences.

Knowing how ransomware hackers operate and also how their programs work is key in the fight against this scourge. Most people – executives and employees alike – still don’t know what a ransomware threat or attack even looks like. Imagine the difference between an office that has no clue about this, and one that’s well-educated on what the various ransomware strains (and threats) look like, and consequently, how to avoid inviting one to infiltrate your PC and network.

When Assumed “Preparedness” Reflects Lack of Preparation

In the rush to be prepared for a ransomware attack, many organizations acquire a certain amount of what they believe is adequate cybersecurity coverage, then go back to business as usual, without ongoing education for employees (and executives) about the ever-evolving ransomware strains and variants, and how best to thwart them. A recent Trend Micro survey found that a conspicuously low 6 percent of healthcare facilities reported that they were not ready for a ransomware attack. This figure evidently reflects massive overconfidence in preparedness in the healthcare industry. The same survey revealed that, conversely, fully 54% of the respondents admitted that they would suffer greatly from a ransomware attack.

A Closer Look at Data Breach Facts and Statistics

The list of prominent companies and organizations that have been hit with malware data breaches in the last five years is staggeringly long. It includes the biggest and most profitable companies across industries and market segments, including some of the biggest in government, retail, financial, healthcare, technology, and education, with millions, if not billions, of clients, customers, students, patients, and users affected. These companies and institutions include:

  • AOL (in 2005), LinkedIn, Yahoo
  • Sony, Apple
  • Anthem, Hollywood Presbyterian Hospital, Marin Hospital District
  • FBI, NASA, CIA
  • The University of Calgary, Univ. of Mississippi
  • Target (dropping their Q4 2014 profits by 42%), Neiman Marcus

The education industry alone is paying out an average of $300 per compromised record, with hundreds of thousands affected, or more. The health industry pays the most, at $363 per individual record breached. Hacking and malware are by far the most popular form of attack on databases, PCs, and networks, with insider attacks in second place. And, although 41% of data breaches were found to have been caused by device loss or theft, the remainder were caused by some sort of directed cyberattack. These two factors can be greatly mitigated by educating employees on proper management of devices and screening out what’s coming into those devices. So, it’s clear that preventing cyber breaches and data loss begins and ends with organizational education from the top down.
