Ransomware Awareness and Employee Training Programs are Becoming Board Level Priorities

During our first release of findings from the SentinelOne Global Ransomware Report 2018, we highlighted key findings as to why organizations felt they were the victim of a ransomware attack, how confident they are in defending against future attacks, and why.

With 53% of U.S. respondents blaming legacy AV for failed ransomware defense and 68% of this group feeling confident in defending against future attacks due to the replacement of legacy AV with next-gen protection, the necessity of advanced technology in modern defense was plain to see.

We now are releasing our second wave of findings from the survey, focusing on increased board level involvement in organizational defense, the increased sophistication of attacks and payment demands, and the desire for enhanced law enforcement efforts.

Organizational Security is a Top Board Level Priority

With more than half (56%) of U.S. organizations indicating they are implementing employee training and awareness programs at the board level, findings show the necessity of increased board level awareness and involvement for effective organizational security:

  • 37% of board members responded that their general attack concern level has increased.
  • 49% of boards at U.S. companies are increasing security budgets to thwart ransomware attacks.
  • 38% of board respondents are more frequently getting involved at the ground level with implementation of security processes, policies and protocols.

Cyber Criminals are Evolving with More Effective Attacks and Payment Demands

Findings provide strong evidence that cyber criminals are improving their craft by infecting organizations with faster spreading, more sophisticated and highly debilitating ransomware attacks, and are also requesting evolved payment methods to mitigate legal risk:

  • 42% of respondents recognized a faster speed of ransomware infection.
  • 43% noted a greater scale of infection – citing lateral movement across networks, not simply isolated to the endpoint.
  • 33% feel ransomware attacks have become more targeted vs. opportunistic.
  • 53% indicated attackers are demanding payments in the form of cryptocurrencies.

Companies Desire Tougher Stance from the Law Against Cyber Criminals

The research also reveals that the majority of IT Security professionals would like to see more resources for law enforcement agencies to track down cyber criminals, to protect organizations and citizens against ransomware attacks:

  • 70% of U.S. companies desire greater resources for law enforcement agencies to track down cyber criminals.
  • 57% of respondents feel laws need to catch up to modern cyber-crime activity, and impose tougher sentences on criminals.
  • There is also desire for greater international cooperation between countries, expressed by 58% of respondents.

These findings, coupled with initial findings, clearly show that although next-gen technology is paramount in defending against modern attacks, there also needs to be a shift in the organization’s frame of mind. In today’s hostile threat landscape, cyber security needs to be a top priority for every member of an organization, from board and C-level down to individual employees.