Many organizations are embarrassed for suffering a ransomware attack, fearing it may hurt their reputation with partners and customers, and as a result, many decide not to disclose the information to the public, law enforcement, or clients and customers.
All of this, a new report from Keeper Security argues, means ransomware is a lot more pervasive than what’s being reported in the media.
The 2021 Ransomware Impact Report, based on a poll of 2,000 U.S. employees, states that while most organizations “responsibly disclosed” the incident to partners and customers, 15% chose not to, while another quarter (26%) kept just the general public in the dark.
Keeper Security said organizations often keep quiet in order to preserve their reputation, and that could very well be a fact – 64% of the report’s respondents said a ransomware attack had a negative impact on their organization’s reputation.
Businesses that suffer a ransomware attack have a lot more to worry about than just reputation. Most try to perform major tech updates after an attack, which only makes things worse, as 71% said these updates hurt their productivity and the ability to do their daily tasks. What’s more, two-thirds (64%) permanently lost their login credentials or important documents.
Some noticed the budgets tightening, following a ransomware attack, as well.
Even today, the best way to tackle ransomware is to educate the workforce on the dangers of phishing and how cybercriminals conduct their operations nowadays, the report hints. Almost a third of employees “never heard the word ransomware” before being hit, the report states, further adding that roughly half of the incidents started with a phishing email.
Another important method of prevention is multi-factor authentication (MFA) – a practice which most organizations implement only after suffering a ransomware attack.
“With each new ransomware incident that makes the news, onlooking companies gain a better understanding of just how financially devastating an attack can be, especially once a ransom is paid,” said Mark Cravotta, Chief Revenue Officer at Keeper Security.
“Yet, given the overwhelming prevalence of these attacks, it’s shocking to see how many employees are left in the dark until it happens to them. Investing in cybersecurity measures like MFA, password management solutions and awareness training might seem like an unnecessary expenditure to companies with tighter budgets, but the costs pale in comparison to the ramifications of being the victim of a ransomware attack.”