Intermedia’s 2017 Data Vulnerability Report revealed that only 31% of the 1,000 US office workers surveyed knew what ransomware was.
Of those surveyed who have fallen victim to a ransomware attack, 59% admitted to paying the ransom personally and 37% said that their employer had paid.
73% of affected “millennial workers” reported paying a work-related ransom personally, despite being considered “the most computer-savvy group of employees.”
Why employees pay ransoms
Shame, embarrassment, concern over lost personal data, and the hope of getting data back more quickly are just some of the reasons why employees pay the ransom personally rather than waiting for their organization to take action, a choice that could in turn jeopardize security efforts. Paying ransoms isn’t advised as there is no guarantee that data will be returned; according to the report, 19% of the time it isn’t.
Although ransomware is increasing in terms of volume and sophistication – and getting plenty of publicity in the process – awareness appears to be falling short.
Other key findings:
- 78% of men questioned said they knew what ransomware was, compared with only 60% of women
- 70% said that their organization regularly communicates about cyber threats
- 30% said that their organization had communicated about the WannaCry attack
Although organizations are communicating with their staff about cyber threats, it is unclear whether employees know what to do should they fall victim.
Jonathan Levine, CTO at Intermedia, said:
“As ransomware continues to evolve and become more advanced, organizations of all sizes and types must acknowledge it as a very real threat. This is especially true for SMBs that may not have the resources, tools, or training that larger organizations use to recognize, prevent and protect themselves from such attacks.”
Providing staff with a basic understanding of ransomware and what to do should they fall victim is essential and should be included within your cybersecurity training plan.
Educate your staff on phishing and ransomware
To educate your staff on the dangers of phishing and ransomware, you should enroll them on our Phishing and Ransomware – Human patch e-learning course. This ten-minute course is designed to raise awareness of phishing and ransomware among employees, particularly those in critical service sectors such as healthcare, education, and finance. It describes the link between phishing attacks and ransomware, outlines the consequences of a successful attack, and helps staff identify how to avoid falling victim.