SlideShare a Scribd company logo

The State of Ransomware 2020

Fight Against the Rise of Ransomware 2020 with Netpluz Webinar 25 September 2020

1 of 35
The State of Ransomware
2020
5,000 Respondents Across 26 Countries
2
Country # Respondents Country # Respondents Country # Respondents
Australia 200 India 300 Singapore 200
Belgium 100 Italy 200 South Africa 200
Brazil 200 Japan 200 Spain 200
Canada 200 Malaysia 100 Sweden 100
China 200 Mexico 200 Turkey 100
Colombia 200 Netherlands 200 UAE 100
Czech Republic 100 Nigeria 100 UK 300
France 300 Philippines 100 U.S. 500
Germany 300 Poland 100
Respondents from Organizations between 100 and 5,000 Users
3
50%
1,001 – 5,000
employees
50%
100 – 1,000
employees
Respondents from Multiple Sectors
4
Sector # respondents % respondents
IT, technology and telecoms 979 20%
Retail, distribution and transport 666 13%
Manufacturing and production 648 13%
Financial services 547 11%
Public sector 498 10%
Business and professional services 480 10%
Construction and property 272 5%
Energy, oil/gas and utilities 204 4%
Media, leisure and entertainment 164 3%
Other 542 11%
The Prevalence of Ransomware
6
1 in 2 Organizations Hit By Ransomware Last Year
2017
In the last year, has your organization been hit by ransomware? Base 5,000 (2020), 1,700 (2017).
54%
2020
51%

Recommended

Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz Asia Pte Ltd
 
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Netpluz Asia Pte Ltd
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Netpluz Asia Pte Ltd
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 

More Related Content

What's hot

ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...Netpluz Asia Pte Ltd
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesSlideTeam
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019SrikanthRaju7
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uaeRishalHalid1
 

What's hot (20)

ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation Slides
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
SME Cyber Insurance
SME Cyber Insurance SME Cyber Insurance
SME Cyber Insurance
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uae
 

Similar to The State of Ransomware 2020

EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014Peggy Lawless
 
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearThe Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearBob Wall
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced ThreatsHannah Jenney
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Microsoft
 
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfrsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfRichard Smiraldi
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summarypatmisasi
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Oscar Romano
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
Exhibitor session: Fortinet
Exhibitor session: FortinetExhibitor session: Fortinet
Exhibitor session: FortinetJisc
 

Similar to The State of Ransomware 2020 (20)

EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearThe Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
Estado del ransomware en 2020
Estado del ransomware en 2020Estado del ransomware en 2020
Estado del ransomware en 2020
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
 
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfrsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
Exhibitor session: Fortinet
Exhibitor session: FortinetExhibitor session: Fortinet
Exhibitor session: Fortinet
 

More from Netpluz Asia Pte Ltd

Secure & Protect your Data with Druva
Secure & Protect your Data with Druva Secure & Protect your Data with Druva
Secure & Protect your Data with Druva Netpluz Asia Pte Ltd
 
Simplifying Communication with Microsoft Teams & Netpluz SIP Trunk
Simplifying Communication with Microsoft Teams & Netpluz SIP TrunkSimplifying Communication with Microsoft Teams & Netpluz SIP Trunk
Simplifying Communication with Microsoft Teams & Netpluz SIP TrunkNetpluz Asia Pte Ltd
 
eSentinel™ – 360° Cybersecurity Platform Simplified
eSentinel™ – 360° Cybersecurity Platform SimplifiedeSentinel™ – 360° Cybersecurity Platform Simplified
eSentinel™ – 360° Cybersecurity Platform SimplifiedNetpluz Asia Pte Ltd
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkNetpluz Asia Pte Ltd
 
Netpluz DDoS Mitigation - Managed Cyber Security
Netpluz DDoS Mitigation - Managed Cyber Security Netpluz DDoS Mitigation - Managed Cyber Security
Netpluz DDoS Mitigation - Managed Cyber Security Netpluz Asia Pte Ltd
 
Netpluz - Managed Firewall & Endpoint Protection
Netpluz - Managed Firewall & Endpoint Protection Netpluz - Managed Firewall & Endpoint Protection
Netpluz - Managed Firewall & Endpoint Protection Netpluz Asia Pte Ltd
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Asia Pte Ltd
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Netpluz Managed Services Portfolio
Netpluz Managed Services PortfolioNetpluz Managed Services Portfolio
Netpluz Managed Services PortfolioNetpluz Asia Pte Ltd
 
Y5Zone Singapore - Wifi Advertisement & EDM services
Y5Zone Singapore - Wifi Advertisement & EDM services Y5Zone Singapore - Wifi Advertisement & EDM services
Y5Zone Singapore - Wifi Advertisement & EDM services Netpluz Asia Pte Ltd
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Netpluz Asia Pte Ltd
 
Email Phishing Test Simulation, Educating the Users
Email Phishing Test Simulation, Educating the UsersEmail Phishing Test Simulation, Educating the Users
Email Phishing Test Simulation, Educating the UsersNetpluz Asia Pte Ltd
 
Understanding the Threat Landscape by SOPHOS
Understanding the Threat Landscape by SOPHOSUnderstanding the Threat Landscape by SOPHOS
Understanding the Threat Landscape by SOPHOSNetpluz Asia Pte Ltd
 
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Netpluz Asia Pte Ltd
 

More from Netpluz Asia Pte Ltd (20)

Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020
 
Secure & Protect your Data with Druva
Secure & Protect your Data with Druva Secure & Protect your Data with Druva
Secure & Protect your Data with Druva
 
Simplifying Communication with Microsoft Teams & Netpluz SIP Trunk
Simplifying Communication with Microsoft Teams & Netpluz SIP TrunkSimplifying Communication with Microsoft Teams & Netpluz SIP Trunk
Simplifying Communication with Microsoft Teams & Netpluz SIP Trunk
 
SAY HELLO TO MICROSOFT TEAMS
SAY HELLO TO MICROSOFT TEAMSSAY HELLO TO MICROSOFT TEAMS
SAY HELLO TO MICROSOFT TEAMS
 
eSentinel™ – 360° Cybersecurity Platform Simplified
eSentinel™ – 360° Cybersecurity Platform SimplifiedeSentinel™ – 360° Cybersecurity Platform Simplified
eSentinel™ – 360° Cybersecurity Platform Simplified
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business network
 
Netpluz DDoS Mitigation - Managed Cyber Security
Netpluz DDoS Mitigation - Managed Cyber Security Netpluz DDoS Mitigation - Managed Cyber Security
Netpluz DDoS Mitigation - Managed Cyber Security
 
Netpluz - Managed Firewall & Endpoint Protection
Netpluz - Managed Firewall & Endpoint Protection Netpluz - Managed Firewall & Endpoint Protection
Netpluz - Managed Firewall & Endpoint Protection
 
Netpluz Managed Cyber Security
Netpluz Managed Cyber Security Netpluz Managed Cyber Security
Netpluz Managed Cyber Security
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Netpluz Managed Services Portfolio
Netpluz Managed Services PortfolioNetpluz Managed Services Portfolio
Netpluz Managed Services Portfolio
 
Y5Zone Singapore - Wifi Advertisement & EDM services
Y5Zone Singapore - Wifi Advertisement & EDM services Y5Zone Singapore - Wifi Advertisement & EDM services
Y5Zone Singapore - Wifi Advertisement & EDM services
 
Getting ready for wi-fi 6 and IOT
Getting ready for wi-fi 6 and IOTGetting ready for wi-fi 6 and IOT
Getting ready for wi-fi 6 and IOT
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service
 
Email Phishing Test Simulation, Educating the Users
Email Phishing Test Simulation, Educating the UsersEmail Phishing Test Simulation, Educating the Users
Email Phishing Test Simulation, Educating the Users
 
Understanding the Threat Landscape by SOPHOS
Understanding the Threat Landscape by SOPHOSUnderstanding the Threat Landscape by SOPHOS
Understanding the Threat Landscape by SOPHOS
 
Y5Zone Singapore Presentation
Y5Zone Singapore PresentationY5Zone Singapore Presentation
Y5Zone Singapore Presentation
 
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017
 
Rhipe @Netpluz CS Event Nov 2017
Rhipe @Netpluz CS Event Nov 2017Rhipe @Netpluz CS Event Nov 2017
Rhipe @Netpluz CS Event Nov 2017
 

Recently uploaded

Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewAshraf Fouad
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Product School
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...Neo4j
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...MarcovanHurne2
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Umar Saif
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17Ana-Maria Mihalceanu
 
From Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
From Challenger to Champion: How SpiraPlan Outperforms JIRA+PluginsFrom Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
From Challenger to Champion: How SpiraPlan Outperforms JIRA+PluginsInflectra
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Adrian Sanabria
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...UiPathCommunity
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
Bit N Build Poland
Bit N Build PolandBit N Build Poland
Bit N Build PolandGDSC PJATK
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 

Recently uploaded (20)

Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book Review
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
 
From Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
From Challenger to Champion: How SpiraPlan Outperforms JIRA+PluginsFrom Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
From Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
Bit N Build Poland
Bit N Build PolandBit N Build Poland
Bit N Build Poland
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 

The State of Ransomware 2020

  • 1. The State of Ransomware 2020
  • 2. 5,000 Respondents Across 26 Countries 2 Country # Respondents Country # Respondents Country # Respondents Australia 200 India 300 Singapore 200 Belgium 100 Italy 200 South Africa 200 Brazil 200 Japan 200 Spain 200 Canada 200 Malaysia 100 Sweden 100 China 200 Mexico 200 Turkey 100 Colombia 200 Netherlands 200 UAE 100 Czech Republic 100 Nigeria 100 UK 300 France 300 Philippines 100 U.S. 500 Germany 300 Poland 100
  • 3. Respondents from Organizations between 100 and 5,000 Users 3 50% 1,001 – 5,000 employees 50% 100 – 1,000 employees
  • 4. Respondents from Multiple Sectors 4 Sector # respondents % respondents IT, technology and telecoms 979 20% Retail, distribution and transport 666 13% Manufacturing and production 648 13% Financial services 547 11% Public sector 498 10% Business and professional services 480 10% Construction and property 272 5% Energy, oil/gas and utilities 204 4% Media, leisure and entertainment 164 3% Other 542 11%
  • 5. The Prevalence of Ransomware
  • 6. 6 1 in 2 Organizations Hit By Ransomware Last Year 2017 In the last year, has your organization been hit by ransomware? Base 5,000 (2020), 1,700 (2017). 54% 2020 51%
  • 7. 7 Size Doesn’t Matter 1,001-5,000 employees In the last year, has your organization been hit by ransomware? Base 5,000 47% 54% 100-1,000 employees
  • 8. Attack Levels Vary Across the Globe 82% 65% 63% 60% 60% 59% 58% 57% 55% 53% 53% 52% 52% 49% 48% 48% 45% 44% 44% 42% 41% 40% 39% 30% 28% 24% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% % organizations hit by ransomware in the last year Global Average 51% In the last year, has your organization been hit by ransomware? Base 5,000
  • 9. 60% 56% 55% 54% 50% 49% 49% 48% 46% 45% 0% 10% 20% 30% 40% 50% 60% 70% Media, leisure, entertainment IT, technology, telecoms Energy, oil/gas, utilities Other Business and professional services Construction and property Retail, distribution and transport Financial services Manufacturing and production Public sector Public Sector Suffers Fewest Ransomware Attacks Global Average51% In the last year, has your organization been hit by ransomware? Base 5,000 % respondents hit by ransomware in the last year
  • 10. The Impact of Ransomware
  • 11. Criminals Succeed in Encrypting Data in 3 Out of 4 Attacks 11 Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Yes No 24% Attack stopped before the data could be encrypted 73% Cybercriminals succeeded in encrypting data 3% Data not encrypted but victim still held to ransom
  • 12. Attacks Most Likely to Succeed in Japan Global Average Percentage of respondents that answered ‘No, the attack was stopped before the data could be encrypted’ to: Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Base 2,538. 24% 5% 8% 8% 11% 17% 17% 17% 17% 19% 20% 22% 22% 22% 23% 24% 25% 26% 30% 31% 33% 35% 36% 38% 44% 51% 0% 10% 20% 30% 40% 50% 60% Percentage of organizations that stopped the attack before the data was encrypted
  • 13. Data In the Public Cloud Is a Mainstream Target 13 On premises/ private cloud data 41% Data in the public cloud 35% Data in the public cloud and on premises/ private cloud 24% Includes data in the public cloud59% Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Data only represents respondents whose organization’s data had been encrypted in the most recent ransomware attack . Base 1,849
  • 14. One in Four Victims Paid the Ransom to Get Their Data Back Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849 26% Pay the ransom
  • 15. India and Sweden Most Likely to Pay the Ransom 15 Global Average 26% Percentage of respondents that answered “Yes, we paid the ransom” to: Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849. Percentage of organizations that paid the ransom to get their data back 0% 10% 20% 30% 40% 50% 60% 70%
  • 16. Almost Everyone Gets Their Data Back Did your organization get the data back in the most significant ransomware attack? Base 1,849 73% Of attacks result in data being encrypted 94% Of victims get their data back 56% Used backups to get the data back
  • 17. Ransomware Remediation Cost Varies By Size 17 What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538 1,001-5,000 employees US$505,827 US$981,140 100-1,000 employees Global average US$761,106
  • 18. Ransomware Costs Vary By Country 18 $ 0.00 $ 500,000.00 $ 1,000,000.00 $ 1,500,000.00 $ 2,000,000.00 $ 2,500,000.00 $ 3,000,000.00 Global Average US$ 761,106 What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538
  • 19. Paying the Ransom Doubles the Cost 19 Did your organization get the data back in the most significant ransomware attack? Base 1,849. Paid the ransom combines responses "Yes, we paid the ransom" and "No, even though we paid the ransom". Didn’t pay the ransom combines responses "Yes, we used backups to restore the data", "Yes, we used other means to get our data back" and "No, we didn’t pay the ransom". US$732,520 Didn’t pay the ransom Paid the ransom US$1,448,458
  • 20. The Role of Insurance
  • 21. 1 in 5 Have Patchy Cybersecurity Insurance 21 have cybersecurity insurance Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000 84% have cybersecurity insurance that covers ransomware 64% 20% Paying for cybersecurity insurance that DOESN’T cover ransomware
  • 22. Cybersecurity Insurance By Country 22 Has cybersecurity insurance Has cybersecurity insurance that covers ransomware Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000 94% 94% 93% 91% 90% 89% 89% 88% 88% 85% 85% 84% 83% 81% 81% 81% 81% 81% 80% 77% 77% 76% 74% 74% 71% 70% 80% 82% 57% 70% 75% 75% 57% 70% 68% 55% 68% 62% 70% 65% 61% 49% 61% 69% 48% 57% 50% 64% 58% 56% 44% 45% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
  • 23. Public Sector Is Most Exposed to Ransomware Costs 23 72% 70% 68% 66% 63% 62% 62% 62% 61% 51% 0% 10% 20% 30% 40% 50% 60% 70% 80% Financial services IT, technology, telecoms Business and professional services Media, leisure, entertainment Manufacturing and production Energy, oil/gas, utilities Construction and property Retail, distribution and transport Other Public sector Global Average 64% Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000 Percentage of organizations with insurance against ransomware
  • 24. Is Cybersecurity Insurance Fueling Ransom Payments? 24 The percentage of respondents that selected ‘Yes we paid the ransom’ and said the cybersecurity insurance paid the ransom. 26% 94% Ransomware attacks resulted in data being encrypted 73% Organizations whose data was encrypted paid the ransom Organizations that paid said the cybersecurity insurance paid the ransom
  • 26. 26 Attacks Use Multiple Tactics to Breach Your Defenses How the ransomware got into the organization # % Via a file download/email with malicious link 741 29% Via remote attack on server 543 21% Via email with malicious attachment 401 16% Misconfigured public cloud instances 233 9% Via our Remote Desktop Protocol (RDP) 221 9% Via a supplier 218 9% Via a USB/removable media device 172 7% Other 0 0% Don’t know 9 0% Total 2,538 100% How did the ransomware attack get into your organization? Question asked to respondents whose organization had been hit by ransomware in the last year. Base 2,538
  • 28. To Sum Up… 28 Ransomware remains a real risk Assume you WILL be hit One in four victims stop the attack Invest in anti-ransomware technology Data in the public cloud is at risk Protect data wherever it’s held Backups work Keep them offsite and offline Beware of patchy cyber insurance Get covered for ransomware Attackers try and try again Deploy a multi-layered defense
  • 29. 29 File download/email with malicious link Remote attack on server Email with malicious attachment Misconfigured public cloud instances Remote Desktop Protocol Supplier USB/ Removable media 21% 9% 7%29% 16% 9% 9%
  • 30. We notifyyouaboutthedetectionand providedetail tohelpyouinprioritizationandresponse Notify We workwithyourinternalteamorexternal point(s)ofcontacttorespondtothedetection Collaborate We handlecontainmentandneutralization actionsandwillinformyou oftheaction(s)taken Entrust Response Methods Automaticresponseto“strongsignals” Automated Aggregationandinvestigationof“weaksignals” Lead-Driven MethodologyHunting Lead-Less Threat Hunting Expert-Led Threat Response Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Sophos MTR
  • 34. Insurance Coverage Varies 35 Cost # respondents % respondents Paid clean-up costs only 535 31% Paid the ransom only 326 19% Paid the ransom and clean-up costs 287 17% Paid clean-up and other costs 209 12% Paid other costs only 138 8% Paid the ransom, clean-up and other costs 127 7% Paid the ransom and other costs 23 1% No only 84 5% Don't know only 5 0% Total 1734 100% Did the cybersecurity insurance pay out to address the costs associated with the most significant ransomware attack that your organization suffered? Base 1,734
  • 35. Secure The Public Cloud with Sophos Cloud Storage & Databases Cloud Virtual Machines Containers & Serverless Network FirewallingVulnerability Analysis Identity Security Workload Protection

Editor's Notes

  1. Stories of organizations crippled by ransomware regularly dominate the IT news headlines, and accounts of 6- and 7-figure ransom demands are commonplace. But do the news stories tell the full story? To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. It reveals the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cybersecurity insurance. Be prepared to be surprised.
  2. Sophos commissioned independent research house Vanson Bourne to survey 5,000 IT managers on their experiences of ransomware. Sophos had no role in the selection of respondents and all responses were provided anonymously. The survey was conducted during January and February 2020. Respondents came from 26 countries across six continents
  3. Within each country, 50% of respondents were from organizations of between 100 and 1,000 employees, while 50% were from organizations of between 1,001 and 5,000 employees.
  4. Respondents came from a range of sectors, both public and private.
  5. Let’s start by looking at the level of ransomware attacks in the last year.
  6. In the last year, has your organization been hit by ransomware? Base 5,000 (2020), 1,700 (2017). 51% of respondents said they had been hit by ransomware in the last year i.e. one in two of the 5,000 organizations surveyed. The big takeaway is that everyone should be prepared to be hit. Organizations did report a slight drop in attacks compared with previous years. A previous Sophos-commissioned survey in 2017 (sample size 1,700 organizations) revealed that 54% of respondents had been hit by ransomware in the last year. This drop, while welcome, is likely due to a change in tactics from the ransomware actors rather than a reduced focus on this type of attack. In 2017 mass-market ‘spray and pray’ desktop ransomware was very common. These attacks were spread widely and indiscriminately, resulting in a high number of organizations being hit. Now, in 2020, the trend is for server-based attacks. These are highly targeted, sophisticated attacks that take more effort to deploy – hence the reduction in the number of attacks. However, they are typically far more deadly due to the higher value of assets encrypted and can cripple organizations with multi-million dollar ransom requests. For subsequent survey questions, if the organization reported multiple ransomware attacks in the last year we asked them to respond for the most significant attack in the last year only. .
  7. In the last year, has your organization been hit by ransomware? Base 5,000 There was a small difference in ransomware attack rates based on organization size. While just under half of the smaller organizations (100-1000 employees) were hit (47%), just over half (54%) of larger organizations (1001-5000 employees) were hit.
  8. In the last year, has your organization been hit by ransomware? Base 5,000 Looking at the level of ransomware attacks across the globe reveals interesting variations. This is likely due to criminals focusing their efforts where they see greatest opportunity for return, and also differing countries having differing levels of ransomware defenses. India (300 respondents) tops the list with 82% of organizations reporting being hit by ransomware in the last year. This is not a huge surprise. Cyber hygiene is generally poor in India, and pirated technology abounds, creating weaknesses in cyber defenses and making organizations more vulnerable to attack. The Philippines, Poland, and South Africa report the lowest levels of cyber attacks. As we discussed earlier, cybercriminals have moved from ‘spray and pray’ desktop ransomware attacks to more targeted server-based attacks that affect fewer organizations but with higher ransom demands. They geo-target their attacks to go after the most lucrative opportunities. The three countries at the bottom of the attack scale also have lower GDP than many of the other countries higher up the list which may be why they receive less focus from the cybercriminals. The move from ‘spray and pray’ to targeted attacks focused on the most lucrative targets likely contributed to  the noticeable  reduction in ransomware in South Africa. In our previous survey (2017) 54% of respondents reported being hit by ransomware in the last year, but this is now down to 24%, a drop of over 50%. Canada (200 respondents) reports surprisingly few ransomware attacks. As an advanced, Western country it would be considered a lucrative target, yet only 39% of respondents report being hit by ransomware. This is a full 20 percentage points lower than neighboring USA where 59% reported ransomware. It may be that it benefits from being in the attack shadow of the USA. At the same time, the Canadian respondents were very alert to the issue and expect it to come their way; 68%  of the organizations NOT hit by ransomware anticipate being in the future.
  9. In the last year, has your organization been hit by ransomware? Base 5,000 Yes, you read that correctly! The public sector reported fewer attacks than all other sectors. The media, leisure, and entertainment industries actually report the highest levels of attack (60%), closely followed by IT, technology and telecoms (56%). At first glance this is surprising: the news is full of stories of hospitals and government organizations that have been held to ransom. However, the survey reveals that those headlines are creating a skewed picture of reality. In many countries, public sector organizations are obliged to report ransomware attacks however the private sector often has no such requirements so can choose to keep the attack quiet, perhaps to avoid creating concern amongst customers, reputation damage, or being perceived as an easy target by other attackers. These findings are backed up by Sophos’ own research into SamSam ransomware. Working with cryptocurrency monitoring organization Neutrino, Sophos followed the money and identified many ransom payments and victims that were previously unknown. Based on the much larger number of victims now known it seems that the private sector had actually borne the brunt of SamSam. 
  10. Let’s now look at the impact that ransomware had on those victims
  11. Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Base 2,538. Traditionally, there are three main elements to a successful ransomware attack: - encrypt the data - get payment - decrypt the data (essential otherwise people would very quickly realize it’s not worth paying up) In three quarters of ransomware attacks (73%), the cybercriminals succeeded in encrypting the victims’ data – a pretty high hit rate. It is however encouraging is that in just under  a quarter of cases (24%) the attack was stopped before the data could be encrypted. . It seems that anti-ransomware is having an effect upon the success rates of these ransomware attacks. One interesting finding from the survey is that 3% of organizations said their data was not encrypted but they were still held to ransom. This type of attack was particularly dominant in Nigeria, as well as Colombia, South Africa, China, Poland. Belgium and the Philippines.   You could argue that this is extortion rather than ransomware. Semantics aside, the most important take-away is this is an attack vector to be vigilant of as crooks look for ways to make money without the effort of encrypting and decrypting files. https://nakedsecurity.sophos.com/2019/10/28/johannesburg-hit-by-second-malware-attack/
  12. Percentage of respondents that answered ‘No’ to: Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538. Looking at a country level, Japan has least success at stopping attacks with 93% of attacks resulting in the encryption of data: 5% stopped the attack 1% said their data was not encrypted 1% don’t know Conversely, in Turkey half of attacks (51%) were stopped before the data could be encrypted. Reasons for this global variation could include differing levels of awareness of both the prevalence of ransomware and the likelihood of being hit, which in turn could result in differing levels of anti-ransomware specific defenses.
  13. Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Data only represents respondents whose organization’s data had been encrypted in the most recent ransomware attack . Base 1,849  We asked the 73% of respondents that said their data had been encrypted in the most recent ransomware attack, what data was encrypted. 41% said just on premises data and/or data in the private cloud, while 35% said just data in the public cloud. 24% said a combination of the two. Adding this up, nearly 6 in 10 successful attacks (59%) include data in the public cloud. A word of caution here: it is likely that the respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Drop Box and cloud backup such as Veem, rather than focusing solely on AWS, Azure, and Alibaba Cloud-type services. Nonetheless, there is a clear learning: no data is safe and you should ensure data stored in the cloud is as well protected and backed-up as data stored on premises.
  14. Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849 26% of those organizations whose data was encrypted got it back by paying the ransom. That’s one in four organizations. A further 1% paid the ransom but didn’t get their data back – so overall, 95% of organizations that paid the ransom had their data restored.
  15. Percentage of respondents that answered “Yes, we paid the ransom” to: Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849. When it comes to paying the ransom, we see some noticeable  regional variations. In India 2 in 3 (66%) paid the ransom to get the data back, while 29% used backups. Conversely in Spain just 4% paid the ransom while 72% restored the data from backups. Note, we have removed the Philippines, South Africa, Poland and Turkey  from this chart as they all had bases of 30 or fewer for this question.  As Turkey is 30 respondents exactly, it is robust enough to be included in this chart Note, we have removed the Philippines, South Africa, Poland and Turkey from this chart as they all had bases of 30 organizations or fewer for this question.
  16. Q1: In the last year, has your organization been hit by ransomware? Base 5,000 Q2: Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Base 2,538 Q3: Did your organization get the data back in the most significant ransomware attack? Base 1,849 As we’ve seen, data was encrypted in 73% of ransomware attacks. The good news is that 94% of those organizations whose data was encrypted managed to get their data back. We already know that 26% paid the ransom to get the data back. However more than double that – 56% - restored their data via backups. The remaining 12% said that they got their data back through other means. The clear take away here is that backups work. We strongly recommend that you should prioritize regular backups that are stored offsite and offline (where possible).
  17. What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Base 2,538 The average cost to the organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$761,106. For smaller organizations of 100-1,001 employees the average cost was $505,827 and for 1,001 to 5,000 employee organizations the average cost was $981,140.
  18. What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538 When we look at the average cost to remediate a ransomware attack, the most startling finding is that Sweden and Japan report considerably higher costs than all other countries. At the other end of the scale, South Africa, Czech Republic and Poland have the lowest remediation costs. One possible reason for this variation in cost is the labor costs in the different countries. Sweden and Japan are typically higher salary countries, so the human hours required to remediate the ransomware attack will add up. Conversely, South Africa, Czech Republic and Poland are typically lower labor cost areas. We have already seen that Sweden has the second highest rate of ransom payment of all countries surveyed, second only to India. However, unlike India, it also has high labor costs which combine to deliver a financial double whammy when it comes to cleaning up after ransomware. It’s important to note that both Poland and the Philippines have very low bases (Poland (28) and Philippines (30) ) so we should exercise a degree of caution with the data for these countries.
  19. Did your organization get the data back in the most significant ransomware attack? Base 1,849. Paid the ransom combines responses "Yes, we paid the ransom" and "No, even though we paid the ransom". Didn’t pay the ransom combines responses "Yes, we used backups to restore the data", "Yes, we used other means to get our data back" and "No, we didn’t pay the ransom". One of the most interesting findings from the survey is that paying the ransom almost doubles the overall remediation cost versus not paying or getting the data back by backups or other means.  Not only does not paying the ransom generally make you feel better because you haven’t given money to criminals, the good news is that it also saves you money in the long run. As we saw earlier, 26% pay the ransom. For them, the average remediation cost (so those who paid the ransom and got the data back and those who paid the ransom but didn’t get their data back) was $1,448,458. The average remediation cost for those who didn’t pay the ransom (so those who used backups or other means to restore the data, or who didn’t pay and didn’t get the data back) was $732,520. This may sound counter-intuitive: if you’ve paid the ransom, why does it cost more? Well even if you pay the ransom you still need to do a lot of work to restore the data. In fact, the costs to recover the data and get things back to normal are likely to be  the same whether you get the data back from the criminals or from your backups. But if you pay the ransom, you’ve got another big cost on top.
  20. Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000 Cybersecurity insurance is now the norm, with 84% of organizations reporting that they have it.* However only 64% have cybersecurity insurance that covers ransomware. This means up to one in five organizations (20%) are paying for cybersecurity insurance that doesn’t cover ransomware. Given that, as we’ve seen, 51% of organizations experienced ransomware in the last year, and with average remediation costs of US$761,106, organizations should question the value of insurance that excludes ransomware. * This is the sum of those who responded to the question “Does your organization have cybersecurity insurance that covers it if it is hit by ransomware” with: "Yes, our cybersecurity insurance covers ransomware" "No, our cybersecurity insurance does not cover ransomware" "I don't know if our cybersecurity insurance covers a ransomware attack".
  21. As we’ve seen, 84% of organizations have cybersecurity insurance, however only 64% have cybersecurity insurance that covers it against ransomware. This table looks at those data points by country. The orange shows the % of organizations with cybersecurity insurance and the green shows the percentage with insurance that covers them for ransomware. What we need to look at here are both the absolute numbers for each column, and also the gap between the two bars for each country. India tops the list of organizations with cybersecurity insurance, and also has the second highest level (80%) of organizations with insurance that covers ransomware. Given that India also reported the highest propensity to be hit by ransomware, this is a logical correlation. Conversely, Turkey reported the 3rd rate of ransomware attacks. However, while it has the third highest rate of cybersecurity insurance (93% are covered), it also has one of the biggest gaps between bars with only 57% of organizations covered for ransomware. Despite China having a below-average rate of ransomware attacks (45% hit in the last year), it has the joint-highest level of cybersecurity insurance (94%) as well the highest level of cybersecurity insurance that covers ransomware (82%). Indeed it has the smallest gap between columns of all 26 countries surveyed. One interesting outlier here is Germany. It is surprising to see a developed economy that has such a low level of insurance (77%) and also one of the lowest levels of cybersecurity insurance that covers ransomware (50%). Germany reported above-average levels of ransomware (57% of organizations were hit in the last year) which makes the insurance data all the more surprising.
  22. Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000 Although the public sector dominates the ransomware headlines, they are also the most exposed to the full brunt of a ransomware attack. On average, 64% of organizations have insurance that covers ransomware. Financial services has the highest rate of coverage (72%), which reflects the fact that the nature of their industry means they are perceived as a lucrative target. IT, telecoms and technology are not far behind on 70%. Public sector organizations, however, lag considerably behind their private sector counterparts. Just 51% are covered by insurance for ransomware costs, a full 10 percentage points behind the next sector. This low rate of protection could be due to costs. Tight public sector funding is commonplace across the globe and it may be that budgets don’t stretch to insurance.
  23. The percentage of respondents that selected ‘Yes we paid the ransom’ (Q3) and said the cybersecurity insurance paid the ransom? (Q6) Let’s now look at the role of cybersecurity in paying the ransom. As we’ve seen, 73% of ransomware attacks result in the data being encrypted. Of those organizations whose data was encrypted, 26% said they paid the ransom to get the data back. However, when we dive deeper, we discover that in almost all of the incidents when the ransom is paid – 94% - it’s the cybersecurity insurance that’s paying the ransom. This leads to the question: is the cybersecurity insurance actually fuelling the ransomware industry? Virtually all ransom payments are made by the insurance company rather than the victim organization. As we’ve seen, paying the ransom doubles the overall clean-up costs.
  24. How did the ransomware attack get into your organization? Base 2,538 We asked the organizations that said they had been hit by ransomware in the last year, how the attack got into their organization. File download/email with malicious attachments topped the list, accounting for 29% of attacks. Second was remote attacks on servers, accounting for 21% of attacks. However what really stands out when we look at this data is that there is no single main attack vector. Rather attackers are using a range of techniques and whichever defense has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot. This data demonstrates the need for an effective layered defense, that covers your endpoints, servers, public cloud instances, email, network gateway and supply chain. Just focusing on a single technology is a recipe for infection.
  25. So let’s sum up now our findings – and what you should do about them. 1. Start with the assumption that you will be hit. Ransomware it doesn’t discriminate: every organization is a target regardless of size, sector, or geography. Plan your cybersecurity strategy based on the assumption that you will get hit. 2. Invest in anti-ransomware technology to stop unauthorized encryption. 24% of survey respondents that were hit by ransomware were able to stop the attack before the data could be encrypted. 3. Protect data wherever it’s held. Almost six in ten ransomware attacks that successfully encrypted data  include data in the public cloud. Your strategy should include protecting data in the public cloud, private cloud, and on premises. 4. Make regular backups and store offsite and offline. 56% of organizations whose data was encrypted restored their data using backups last year. Using backups to restore your data considerably  lowers the costs of dealing with the attack compared with paying the ransom. There really is no excuse not to have them. 5. Ensure your cyber insurance covers ransomware. Make sure that you’re fully covered if the worst does happen. 6. Deploy a layered defense. Ransomware actors use a wide range of techniques to get around your defenses; when one is blocked they move on to the next one until they find the chink in your armor. You need to defend against all vectors of attack.  
  26. We’ve already seen the many different ways that ransomware gets into organizations. The good news is that Sophos can help you protect against ransomware – however it gets in - with Intercept X. It’s packed with technologies to stop ransomware from holding them hostage. 21% of ransomware got in via a remote attack on a server. Intercept X for Server gives you the dedicated server-specific protection that you need. We also see that nearly one in 10 attacks get in via RDP. Our EDR release in June 2020 enables customers to look for RDP exposure, so they can take action before it’s too late. In addition, Intercept X includes a host of technologies that stop ransomware whatever the vector of attack CryptoGuard rolls back the unauthorized encryption of files The deep learning malware detection engine detects both known and unknown ransomware malware While the anti-exploit capabilities block the delivery and installation techniques. In addition, the Credential Theft feature stops privilege escalation, preventing hackers from moving round your system. It’s a full layered defense in one product. Learn more and start a no-obligation free trial at www.Sophos.com/interceptx
  27. Did the cybersecurity insurance pay out to address the costs associated with the most significant ransomware attack that your organization suffered? Base 1,734
  28. We’ve mentioned the public cloud a few times in this session and so I want to highlight briefly how Sophos can help with securing the public cloud. Firstly, to secure your organization you need to know what you’ve got in the cloud. Sophos Cloud Optix provides a complete inventory of what you have running in the cloud (Virtual machines, storage etc). And then analyses it it for vulnerabilities so you can fix any security holes. It also identifies over-privileged user IAM roles and access that can be compromised by attackers, as well as connecting disparate actions to identify unusual cloud account access patterns and login locations in near-real time to identify credential theft. To secure cloud workloads we have Intercept X for Server. It protects virtual machines, the virtual desktops running on them for remote workers, as well as Auto Scaling groups - all from the latest threats including ransomware, fileless attacks, and server-specific malware. It works exactly the same as it does on-premises, but also includes server-specific functionality including Server Lockdown, also known as whitelisting so when you have your virtual machine setup as you want you can lock it down with a single click. And to protect the network edge from threats, we have XG Firewall. XG Firewall secures inbound and outbound traffic to your virtual desktop environments. And provide secure remote access for administrators and developers to private applications running on virtual machines in the cloud And, as you’d expect from us - managed from a single console across – enabling you to protect, analyze and report on AWS, Azure and Google Cloud security posture from one place.