Ransomware Victims Struggle to Recover, Hire and Spend on Threat Prevention

Written by

IT managers at organizations hit by ransomware are nearly three-times as likely to feel “significantly behind” when it comes to understanding cyber-threats.

According to new research from Sophos, organizations “are never the same after being hit by ransomware” and a third (35%) of victims reported that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity.

In an email to Infosecurity, Chester Wisniewski, principal research scientist at Sophos, said that falling victim to a cyber-attack has a major impact on attitudes to cybersecurity staffing. “It is likely that there are several factors behind these varying attitudes. Firstly, the consequences of limited security skills are still fresh in the minds of those who have recently suffered the financial, operational and reputational cost of being held to ransom,” he explained.

“In addition, ransomware victims will invariably have investigated the source of the attack. In doing so, they will have identified the gaps in their defenses that enabled the attackers to penetrate their organizations and access their data. Many will likely have identified a shortage of human expertise as a contributing factor to falling victim to attack.”

The survey of 5000 IT decision makers also found that ransomware victims spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven’t been hit (49% and 22% respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.

Asked if this shows there is a requirement for a more proactive stance on security, Wisniewski said: “The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent.”

What’s hot on Infosecurity Magazine?