Sophos has released the results of their annual "State of Endpoint Security Today", and it doesn't paint a pretty picture. A full 54% of companies surveyed reported having been hit by a ransomware attack in 2017. Another 31% reported that they expect to be on the receiving end of such an attack in the near future.
If the headline statistic wasn't bad enough, it only gets worse from there. According to the data collected, the average cost of a ransomware attack (including network costs, manpower, downtime, and device replacement cost) was $133,000. Five percent of respondents reported total costs between $1.3 million and $6 million, before factoring in the cost of any ransom paid.
As bad as those figures are, what makes them even more painful is the frequency. On average, survey respondents report having been struck an average of twice in the past year.
Dan Schiappa, the Senior VP and General Manage of Products at Sophos explains: "Ransomware is not a lightning strike - it can happen again and again to the same organization. We're aware of cyber criminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack.
If IT managers are unable to thoroughly clean ransomware and other threats from their systems after attacks, they could be vulnerable to reinfection. No one can afford to be complacent. Cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access opportunity, infecting a server, or disabling security software."
In light of this relentless attack methodology, and in spite of the headlines all last year warning of the dangers, Schiappa warns that most companies are starting 2018 woefully unprepared for a ransomware attack. With all that said if you haven't done so already, it's well past time to review the state of your network security.