A recent study conducted by Sophos concludes that cyber hygiene is generally poor in India. According to the same report, India also topped the list of countries hit by ransomware attacks in the last year. Ransomware attacks are a growing problem for enterprises around the world, with Indian companies being a soft target for attackers.
India tops the list of countries paying ransom
Companies first need to understand what exactly they need and how they can become better at securing themselves, said Sophos India’s Sunil Sharma during our brief interaction in March. Companies lack an understanding of the need for robust cybersecurity infrastructure and for allocating enough budget to ensure good cyber hygiene.
In its survey titled The State of Ransomware 2020, Sophos researchers had this to say:
“…This is not a huge surprise. Cyber hygiene is generally poor in India, and pirated technology abounds, creating weaknesses in cyber defenses and making organizations more vulnerable to attack.”
The state of ransomware in 2020
Sophos’ survey of 5,000 IT managers across 26 countries reveals that almost three-quarters of ransomware attacks result in the data being encrypted. That was indeed the case in some of the recent ransomware attacks on major IT companies such as Cognizant, where attackers used Maze ransomware, which infects and encrypts every computer in its path and exfiltrates the victim’s data to the attacker’s servers:
“51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.”
26 percent of ransomware victims whose data was encrypted got their data back by paying the ransom. However, 1 percent of ransomware victims didn’t get their data back despite paying the ransom. While 56 percent of organizations got their data back via backups, 26 percent of organizations had to pay the ransom.
Paying ransom doubles the cost of dealing with the attack
Ransomware attacks cost an average of $732,520 for companies that don’t pay the ransom. Meanwhile, this cost rises to $1,448,458 for organizations that do pay the ransom.
The public sector is less affected by ransomware
Ransomware attackers mostly target private companies that belong to the media, leisure, and entertainment industries:
“45% of public sector organizations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.”
Is cybersecurity insurance a myth?
Not all insurance companies cover ransomware attacks. The report further says one in five organizations has a major hole in their cybersecurity insurance. While 84 percent of respondents said they have cybersecurity insurance, only 64 percent of respondents are actually covered for ransomware.
In 94 percent of ransomware attacks, insurance companies that cover ransomware attacks end up paying the ransom to get the data back.
Public vs private cloud debate
More than half of successful ransomware attacks (59 percent) affect data stored in the public cloud, raising the issue of private cloud vs public cloud security. Public cloud storage here covers cloud-based services like Dropbox, Google Drive, etc.