3/1/2018
02:53 PM
Dark Reading
Products and Releases

KnowBe4 Issues 2018 Threat Impact and Endpoint Protection Report

Midmarket and Enterprise Organizations Are the Hardest Hit with Ransomware and External Malware

(Tampa Bay, FL) – KnowBe4, the world’s largest provider of security awareness training and simulated phishing, today released its “2018 Threat Impact and Endpoint Protection Report.” In 2017, ransomware was a multi-billion-dollar business, with the number of new ransomware variants continuing to grow quarter-over-quarter. Despite the many security offerings available, organizations continue to fall victim to attacks, with an average of 13% of organizations surveyed experiencing a ransomware attack and 25% of organizations experiencing an external malware attack. Knowing these factors, KnowBe4 sought to understand the overall impact ransomware has on an organization.

Regardless of size or industry, every organization has the potential to become a victim of ransomware. The widespread, opportunistic nature of many attacks, mixed with an improvement in phishing-based social engineering, has led cybercriminal organizations to take the “shotgun” approach, targeting every business for whatever ransom can be paid. 

KnowBe4 surveyed more than 500 organizations around the globe to determine the impact a ransomware attack has on an organization, including who is at risk, what is being held for ransom, what it takes to remediate and how it impacts the overall organization. Specific findings included:

 

Ransomware Attacks 

  • Organization Size & Industry: Midmarket organizations (1,000-5,000 employees) were hit the hardest with ransomware in 2017, with 29% indicating they experienced a ransomware attack. Organizations in manufacturing, technology and consumer-focused industries experienced the most ransomware attacks. 
  • Productivity Impact: On average, 16 workstations, 5 servers and 22 users within an organization were affected in a given attack, with an average downtime of 14 hours. The organizations with the most downtime hours were midmarket and enterprise (5,000+ employees) organizations.
  • Data Impact: The more critical the data is to an organization, the higher likelihood of the ransom being paid. Ninety-seven percent of organizations stated that encryption impacted common Office-type files which included critical, sensitive and proprietary data. However, it is important to note that organizations are realizing the value in maintaining backup copies of their data, with 61% recovering server data from backups and 35% recovering workstation data from backups. 
  • Cost Impact: While most organizations do not pay the ransom, the ransoms ranged from $500 to $1 Million (USD). Most bitcoin-related ransoms were 1-3 bitcoins, ranging from $600 to $11,000.

 

External Malware Attacks

  • Organization Size & Industry: On average, 24% of all organizations experienced an external attack in the last 12 months, with consumer-focused businesses, non-profits, technology and professional services being hit the hardest. Of those hit in 2017, 28% were hit in 2016. 
  • Productivity Impact: The number of systems impacted during an external attack was far more than a single endpoint; the average malware-based external attack impacted 5 workstations and one server. 
  • Data Impact: Organizations with documented breaches varied in the number of records breached. The average number of records breached was slightly higher than 15,000. The organizations with the highest number of record breaches, which went up to 100K, were mid-market and enterprise organizations. 

 

Prevention

  • Implementation of Security Software: 89% implementation, up from last year’s total of 76%.
  • Break Room-Style Training: 36% implementation, up from last year’s total of 28%.
  • Monthly Training Videos and Emails: 52% implementation, up from last year’s total of 26%. 
  • Regular Phishing Tests: 57% implementation, up from last year’s total of 36%. 
  • Security Assessment Training & Testing: 54% implementation, up from last year’s total of 34%. 

 

“While ransomware attacks are becoming more and more sophisticated, they are preventable. As the report shows, endpoint protection solutions help protect against a material percentage of malware, but don’t actually put a stop to the threat,” said Stu Sjouwerman, CEO of KnowBe4. “It’s only by adding continual testing and training of employees that organizations create their strongest security posture and see a material decrease in both ransomware and external malware attacks. This shows a well-implemented security awareness training program makes an organization much less susceptible to an attack. As these threats continue to grow, it’s imperative that organizations mobilize their last line of defense – their employees – to help protect against this threat.” 

The full report and KnowBe4’s recommendations on how to improve the overall security stance can be viewed here.

 

About KnowBe4

KnowBe4, the provider of the world’s most popular integrated new-school security awareness training and simulated phishing platform, is used by more than 15,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.

KnowBe4 is number 231 on the 2017 Inc. 500 list, #50 on 2016 Deloitte’s Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England and The Netherlands. For more information, visit www.knowbe4.com and follow Stu on Twitter at @StuAllard.
