Antivirus Ineffective in Preventing Ransomware According to KnowBe4 Survey
Concerned that ransomware continues its dominance as the most lucrative criminal business model in the history of malware, costing businesses upwards of $1 billion in 2016, KnowBe4 has released the findings of its newest research survey: The 2017 Endpoint Protection Ransomware Effectiveness Report.
KnowBe4, the provider of the most popular platform for security awareness training and simulated phishing, surveyed more than 500 organizations about the current state of their ransomware protection, whether they were a victim of ransomware, the impact of a successful breach and their remediation tactics. Their findings show that antivirus alone is not effective in preventing ransomware.
Out of the survey participants, there were shocking statistics from respondents around antivirus solutions' inability to protect against ransomware:
"Ransomware is primarily delivered via a phishing email, which means your users have to be trained to identify it in order to prevent it, making antivirus ineffective at stopping ransomware," said Stu Sjouwerman, CEO of KnowBe4. "It's a simple concept - if users can learn not to click the link or open the attachment they won't infect their workstation with ransomware! An important layer in any company's security stack is the last line of defense - the human firewall that can be trained to detect a phishing email. Once organizations recognize this, their security posture improves dramatically."
Of those impacted by ransomware, KnowBe4 found that on average six endpoints and two servers were affected in a given attack, meaning that the general assumption that ransomware takes over only one machine is inaccurate. The larger impact caused an average of 12 hours of user downtime and 12 hours of IT investment to remediate the problem. Ninety four percent of businesses surveyed did not pay the ransom to decrypt their data. Those that did paid at a cost of between three to five bitcoins (respectively $3,780 to $6,300 at today's exchange rate).
"As ransomware continues to explosively grow every business is at risk," added Sjouwerman. "Our research findings are fascinating as they illustrate that most companies are in an arms race to deploy endpoint solutions such as antivirus protection, but their focus on this investment is leaving massive gaps that can be manipulated. The bottom line: even with antivirus, ransomware is going to get in."
KnowBe4's research found that having some level of security awareness training in place improved an organization's ability to fend off ransomware. The organizations that combined online training with frequent phishing attack testing saw the lowest percentage (21 percent) of successful ransomware attacks in the last 12 months:
Ultimately, as shown by the survey, antivirus solutions will help keep some measure of ransomware out, but will do little to truly stop the spread of ransomware. Continual training and testing of employees will help an organization create its strongest security posture. The full report by KnowBe4 with its findings is available to download here.
KnowBe4, the provider of the world's most popular integrated new school security awareness training and simulated phishing platform, is used by more than 8,500 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO Fraud and other social engineering tactics through a new school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4's Chief Hacking Officer, helped design KnowBe4's trainings based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.