A new report on 2016 ransomware trends has recently been released by security firm BitSight. For the report, BitSight researchers analyzed 2016 ransomware trends across almost 20,000 companies in the United States from a wide range of industry sectors. The report shows that while healthcare organizations have made the news following high profile attacks this year, it is actually the education sector that has been hit the hardest. The government came second, with the healthcare industry the third most targeted sector.
Ransomware is a growing problem and no industry is immune to attack. The report cites research from the Department of Justice that indicates more than 4,000 ransomware attacks are now occurring every day. According to the report, attacks were most commonly conducted using Locky, Nymaim, and Cryptowall.
Educational institutions recorded three times as many ransomware attacks as the healthcare industry and ten times as many attacks as the financial sector. One in ten educational institutions has now experienced a ransomware attack in the past 12 months.
BitSight has developed a platform that rates organizations’ security effectiveness. An analysis of client data shows the finance industry is the most secure and best equipped to deal with the increasing range of cybersecurity threats, in part, due to more widespread adoption of the NIST Cybersecurity Framework and other security frameworks.
The retail industry was rated second, with the healthcare industry ranked third. Education received one of the lowest ratings. This is because budgets for cybersecurity are typically far lower than other industry sectors, fewer IT security staff tend to be employed, and there is a far higher rate of file sharing on networks.
The relative lack of cybersecurity defenses makes educational institutions easy targets; however, healthcare, government and the finance sector are also being increasingly targeted. They may prove to be harder targets to attack, but these industries are the most dependent on data. That makes it far more likely that a ransom will be paid.
Even if cybersecurity defenses are improved, one of the biggest threats comes from phishing and spear phishing emails. It is far easier to convince an employee to install ransomware than it is to break through an organization's perimeter defenses. In addition to improving network security, organizations should ensure that employees receive anti-phishing training and are made aware of the risks of ransomware.
In the event of a ransomware attack, the only option for recovering data without paying a ransom is to restore the encrypted data from backups. It is therefore essential that regular backups of critical data are made and that restores are actually tested, since a backup that has never been restored may turn out to be unusable. Backups should be securely stored off site, or at least on air-gapped machines, because ransomware that can reach network-attached or mapped backup storage will encrypt those copies as well.
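To make the backup advice concrete, the following is an added example, not code from the BitSight report or the original article. It records a SHA-256 manifest of every file at backup time, restores the archive into a scratch directory to prove the backup is actually usable, and later reuses the same manifest to list which files have changed since the last good backup (as they would after being encrypted). The directory layout, file names, and sample record files are constructed for the demo; the function names are this example's own.

```python
"""Backup with manifest, restore verification and post-incident change check (added example)."""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(src_dir):
    """Map each regular file under src_dir (relative POSIX path) to its SHA-256."""
    src = Path(src_dir)
    return {p.relative_to(src).as_posix(): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def make_backup(src_dir, archive_path):
    """Archive src_dir as tar.gz and return the manifest captured at backup time."""
    manifest = build_manifest(src_dir)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(src_dir), arcname="data")
    return manifest


def verify_restore(archive_path, manifest):
    """Restore the archive to a scratch directory and compare against the manifest.

    Returns a sorted list of paths that are missing, altered, or unexpected;
    an empty list means the backup restores exactly to what was captured.
    """
    # Newer Python versions accept a "data" filter that blocks path traversal
    # and special files during extraction; older ones fall back to default.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive_path), "r:gz") as tar:
            tar.extractall(scratch, **extract_kwargs)
        restored = build_manifest(os.path.join(scratch, "data"))
    problems = [p for p, h in manifest.items() if restored.get(p) != h]
    problems += [p for p in restored if p not in manifest]
    return sorted(problems)


def changed_since_backup(src_dir, manifest):
    """List live files whose content no longer matches the last good manifest.

    After a ransomware incident this shows which files were encrypted,
    renamed, or deleted and therefore must come back from the backup.
    """
    live = build_manifest(src_dir)
    changed = [p for p, h in manifest.items() if live.get(p) != h]
    changed += [p for p in live if p not in manifest]
    return sorted(changed)


def simulate_demo():
    """Constructed scenario: back up, verify, then detect post-backup tampering."""
    with tempfile.TemporaryDirectory() as work:
        data = Path(work, "records")           # constructed sample tree
        (data / "patients").mkdir(parents=True)
        (data / "patients" / "a.txt").write_text("record A\n")
        (data / "notes.txt").write_text("plain notes\n")
        archive = Path(work, "records.tar.gz")

        manifest = make_backup(data, archive)
        restore_problems = verify_restore(archive, manifest)   # expect []

        # Simulate ransomware overwriting one file in place with ciphertext.
        (data / "notes.txt").write_bytes(os.urandom(32))
        damaged = changed_since_backup(data, manifest)          # expect ["notes.txt"]
        return len(manifest), restore_problems, damaged


if __name__ == "__main__":
    count, problems, damaged = simulate_demo()
    print(f"files backed up: {count}")
    print(f"restore problems: {problems or 'none'}")
    print(f"changed since backup: {damaged}")
```

In practice the archive and manifest would be copied to the off-site or air-gapped location and `verify_restore` run from that copy on a schedule, since a restore test against the same disk the ransomware can reach proves nothing about the copy you would actually depend on.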