A recent study Global Cost of ransomware , carried out by Ponemon Institute by order of Illumio, revealed the serious consequences of incomes’ attacks for Australian companies. According to a survey of 2500 specialists in the field of IT and cybersecurity, including more than 250 respondents from Australia, local organizations turned out to be more vulnerable to these threats than their foreign colleagues.
About 64% of injured enterprises were forced to completely suspend the work. Significant financial losses from attacks suffered 43% of companies, 42% were forced to reduce staff, and 39% lost customers. In 28% of cases, attackers managed to get to critical systems, which led on average to 12 hours of downtime – a record indicator among all countries covered by a study.
As the director of the critical infrastructure of Illumio Trevor Corting noted, attacks can be restrained if strict protection measures, such as microsegation. It allows you to block the spread of the threat at the level of penetration, which can significantly reduce losses and protect critical data.
The liquidation of the most large -scale attack by companies required an average of 17 employees, each of which worked to eliminate the problem of 134 hours. At the same time, reputation costs often turned out to be higher than judicial and regulatory consequences: 39% of companies were faced with noticeable damage to the brand.
Australian organizations demonstrate a lower level of protection compared to world leaders. Only 18% of companies introduced microsigmentation – this is half as much as in the USA, where such a mechanism is used by 44% of organizations. The main goals of attacks were operating technologies (41%), cloud services and final devices (39%each).
Hackers most often use hacking methods through the remote desktop protocol (RDP) and phishing, and laptops and desktop compromise points with outdated and unprotected systems remain key points of compromise.
Companies invest significant funds in protection against extortionists – almost a third of the IT budget is spent on these measures. However, despite these investments, 91% of organizations have already encountered successful attacks, and only 56% are confident in their defense. Only 10% of the companies managed to restore all the data after the attack, although 47% believed that their backup copies were completely reliable.
The report also indicated problems with the informing of law enforcement agencies. 71% of affected companies did not report what happened, fearing the consequences, lack of time or unwillingness to disclose incident