Over two-thirds (69%) of IT decision makers believe their organization will be hit by a ransomware attack over the next 12 months, although many are still unsure what that will actually entail, according to Trend Micro.
The security giant shared more findings from a poll of over 300 IT leaders, which has already revealed that 44% have experienced an attack over the past two years.
The figure for those bracing themselves for an attack in the next year rose to 75% for organizations that have already been on the receiving end, Trend Micro claimed.
Worryingly, a fifth (20%) of UK IT decision makers aren’t sure how ransomware works, while 11% have still never heard of it – despite the high media profile attacks now have.
Trend Micro cybersecurity consultant Bharat Mistry explained that awareness raising needs to improve throughout organizations.
“Awareness programs need to be treated as ongoing education; something that is done yearly and not as a one-off session. The training needs to reflect the current threats and their impact with some simulated testing to see how well users are applying the knowledge,” he told Infosecurity.
“In the industry there is a lot of hype around sandboxing as an environment to see how malware would play out in safe surroundings – maybe we need a ‘Human Sandbox’ environment so that employees get to see the potential impact.”
The research also revealed that while IT decision makers are taking some steps to mitigate the risk of a successful ransomware attack, many are failing at the final hurdle.
For example, 97% have automated back-up and recovery in place with 86% keeping an offline copy. However, nearly half (41%) last backed up more than two years ago.
In addition, over three-quarters (77%) said they have an incident response plan in place, but a third haven’t even tested it yet.