May 15, 2017 By Mark Samuels 2 min read

More than one-third of security professionals knowingly circumnavigate security controls despite the ever-growing risk of ransomware. A total of 35 percent of security professionals admitted to turning off or bypassing their corporate security settings, according to a survey from security specialist Bromium.

The results of the survey — which comes at a time when risky ransomware is dominating global news — highlighted how IT workers must help their businesses take a firmer line on information security controls.

Understanding the Wider Context

As many as 10 percent of security professionals surveyed admitted to paying a ransom or hiding a breach without alerting their teams, the survey found. And there were 638 million reported ransomware attacks last year, according to SonicWall, meaning the scale of attacks could be much higher than perceived.

Security teams should be leading by example, but human behavior is often the weakest link in cybersecurity, Fraser Kyne, Bromium EMEA chief technology officer (CTO) told Infosecurity Magazine. He said processes will be bypassed by even those most aware of the risks if it helps people conduct their work more effectively.

This sentiment is consistent with additional Bromium research, which highlighted that 85 percent of chief information officers (CIO) believed end users are the weakest link in security. The firm also claimed that 40 percent of global enterprises have suffered a ransomware attack.

Detailing the Rise in Ransomware

The risk of ransomware is rising exponentially. SonicWall detected a huge year-over-year increase in attacks, from 3.8 million in 2015 to 638 million in 2016. This unprecedented growth may have been driven by the low cost of conducting a ransomware attack, the ease of distributing it and the low risk of being caught.

Dangers from ransomware were brought into sharp relief last week when the WannaCry ransomware attack spread across the globe. The attack, which has already affected major private and public sector organizations, continues to have a significant impact on organizational effectiveness.

The risks from ransomware, both in terms of data loss and reputation damage, are potentially huge. Companies can be keen to hide their mistakes. However, in the wake of the latest spate of attacks, experts around the globe advised users not to pay the ransom to malicious actors.

Taking Steps to Improve Security Controls

Bromium is not the first organization to note how security professionals cover up breaches. AlienVault surveyed 1,000 security employees and found that 1 in 5 had witnessed a company hide or cover up a breach, another Infosecurity Magazine article noted.

While recovering data loss from ransomware is often difficult or impossible, companies can take steps to both remove the infection and reduce the risk of subsequent attacks. Lawrence Abrams of Bleeping Computer, for example, provided a detailed best practice guide for WannaCry ransomware removal.

The National Cyber Security Centre in the U.K., which is an arm of the Government Communications Headquarters (GCHQ), advised organizations looking to limit the impact of ransomware to control access to data and file systems to only users with business needs. Businesses should also ensure that they have fully tested backup solutions in place.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today