A new survey of over 500 businesses in the US, UK, France and Germany shows that in the last 12 months, 48 percent have fallen victim to a ransomware campaign, with 81 percent having suffered three or more attacks.
The study from endpoint security company SentinelOne reveals employee information (42 percent), financial data (41 percent) and customer information (40 percent) are the types of data most often affected by these attacks.
Respondents identified the most likely motives of their attackers as financial gain (54 percent), operational disruption (47 percent) and cyber espionage (42 percent). In 81 percent of cases respondents report that attackers were able to gain access to their organization's network through phishing emails or social media. Half say that the attacker gained access through a drive-by-download caused by clicking on a compromised website, while 40 percent state that the attack came through an infection via botnet.
There is something of a silver lining in that in 94 percent of cases ransomware has influenced a change of direction. 67 percent of businesses globally have increased IT security spending and 52 percent report they are changing their security strategies to focus on mitigation.
"These results point to a significant shift for ransomware - it's no longer just a tool for cyber crime, but now also a tool for cyber terrorism and espionage," says Tony Rowan, chief security consultant at SentinelOne. "Hackers are gaining access to sensitive assets by tricking users, and this is a problem that cannot be removed with more walls and training. Security is at a point of crisis, and customers and vendors must both instigate change. There's an immediate need for a new generation of security technologies that can discover, adapt and stop the new breed of threats as they happen".
The full report is available to download from the SentinelOne website and there's a summary of the findings in infographic form below.
Photo credit: Fabio Alcini / Shutterstock