MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--According to the SentinelOne Global Ransomware Report 2018, more than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections. This distrust in legacy AV further confirms the required shift to next-gen endpoint protection in defending against today’s most prominent information security threats.
AV Fails to Foil Ransomware
Behind employee carelessness as
the primary cause (56 percent blamed this), failed legacy AV protection
is viewed as the leading factor in successful ransomware attacks,
followed by un-timely responses (33 percent). Legacy vendors have failed
to build solutions for new vectors - specifically, many legacy AVs still
lack basic anti-exploit capabilities. In addition to naming the most
common reasons for successful attacks, respondents indicated their level
of confidence in future defense with advanced technology:
- Ninety six percent of respondents who were infected with ransomware are confident they can prevent future attacks.
- Sixty eight percent of confident respondents state this is because they replaced legacy AV with next-gen endpoint protection.
Cost of Ransomware: Negotiation Leads to More Attacks
The
survey provides strong evidence that while ransomware attacks are on the
rise, an organization should never pay the ransom in an attack due to
the frequency of subsequent attacks, and infrequency of being able to
unlock encrypted files:
- Forty five percent of U.S. companies hit with a ransomware attack last year paid at least one ransom; but only 26 percent of these companies had their files unlocked.
- U.S. organizations that paid the ransoms were targeted and attacked again with ransomware 73 percent of the time.
Interestingly, 44 percent of respondents claim that employees have paid a ransom without the involvement or sanction of IT/security teams. The U.S. is also, on average, paying higher ransoms than any region worldwide and spending more hours responding to infections:
- The average value of ransoms paid by U.S. companies was $57,088 (global average is $49,060);
- The average estimated business cost as a result of a ransomware attack – including ransom, work-loss and time spent responding, is more than $900,000;
- The average number of employee hours dedicated to responding to ransomware infection: 44 hours (global average: 40 hours).
Ransomware Impact Felt by Partners and Supply Chain
Research
also shows the significant negative impact ransomware attacks have on
third-party suppliers and partners of organizations suffering an
infection, magnifying the detriment attacks have on the U.S. business
community as a whole:
- Forty six percent claim third-party suppliers and partners suffered downtime;
- Thirty five percent claim third-party suppliers and partners suffered loss of productivity;
- Twenty percent claim third-party suppliers and partners suffered loss of revenue.
“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization. Paying the ransom isn’t a solution either – attackers are treating paying companies like an ATM, repeating attacks once payment is made,” said Raj Rajamani, SentinelOne VP of Products. “The organizations with the most confidence in stopping ransomware attacks have taken a proactive approach and replaced legacy AV systems with next-gen endpoint protection. By autonomously monitoring for attack behaviors in real-time, organizations can detect and automatically stop attacks before they take hold.”
About SentinelOne
SentinelOne
delivers autonomous endpoint protection through a single agent that
successfully prevents, detects and responds to attacks across all major
vectors. Designed for extreme ease of use, the S1 platform saves
customers time by applying AI to automatically eliminate threats in real
time for both on premise and cloud environments and is the only solution
to provide full visibility across networks directly from the endpoint.
To learn more visit sentinelone.com or follow us at @SentinelOne, on
LinkedIn or Facebook.