Security professionals around the world equate ransomware attacks with terrorism, but they differ markedly from country to country in their willingness to play ball with the attackers. That’s according to survey results released Tuesday that gathered data from more than 1,500 security executives in the United States, the United Kingdom, Australia, France, Germany, and Benelux (Belgium, Netherlands, and Luxembourg).
Some 60% of these officials see ransomware attacks as a form of terrorism, according to the survey, particularly following the Colonial Pipeline attack in May that crippled operations in a data center managing gasoline and jet fuel for the Southeastern United States. But some of the respondents are more willing than others to pay the ransom to restore their systems. U.S. respondents proved to be most willing, with 25% of those who said they had been breached saying they had paid up. At 9%, Australian respondents were least willing to pay.
The results some from Venafi, a cybersecurity firm, and represent research conducted by Sapio Research. In ransomware attacks, online criminals lock up their target’s databases and demand payment for the digital keys. Such attacks in the United States rose 62% in the first half of this year following a 20% increase in all of 2020, according to FBI statistics cited in October by insurer Allianz Global Corporate & Specialty.
Ransomware attacks are proving to be more and more frequent. Two-thirds of the respondents from organizations with more than 500 employees reported having sustained an attack in the past 12 months, according to the Venafi survey. That figure shoots up to 80% for respondents with organizations with 3,000 to 4,999 employees.
“The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know; these attacks are indiscriminate, debilitating and embarrassing,” said Kevin Bocek, vice president ecosystem and threat intelligence at Salt Lake City, Utah-based Venafi, in a statement. “Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks.”
That “false sense of security” shows up in the absence of vigilance about ransomware attacks, according to Venafi’s survey. Ransomware attacks usually begin with a phishing email accompanied by an attachment containing malicious code, but only 21% of respondents disable or restrict macros in Microsoft Office documents, according to Venafi. Still, 77% of respondents in the survey indicated confidence that they had the tools to prevent an attack.