More than one-third of security professionals knowingly circumvent security controls despite the ever-growing risk of ransomware. A total of 35 percent of security professionals admitted to turning off or bypassing their corporate security settings, according to a survey from security specialist Bromium.

The results of the survey, published at a time when ransomware is dominating global news, highlight how IT workers must help their businesses take a firmer line on information security controls.

Understanding the Wider Context

As many as 10 percent of security professionals surveyed admitted to paying a ransom or hiding a breach without alerting their teams, the survey found. SonicWall counted 638 million ransomware attacks last year, and that figure only covers attacks that were detected and reported; if one in 10 practitioners conceals incidents, the true scale of attacks is likely higher still.

Security teams should be leading by example, but human behavior is often the weakest link in cybersecurity, Fraser Kyne, Bromium EMEA chief technology officer (CTO), told Infosecurity Magazine. He said processes will be bypassed by even those most aware of the risks if it helps people conduct their work more effectively.

This sentiment is consistent with additional Bromium research, which found that 85 percent of chief information officers (CIOs) believe end users are the weakest link in security. The firm also claimed that 40 percent of global enterprises have suffered a ransomware attack.

Detailing the Rise in Ransomware

The volume of ransomware is rising sharply. SonicWall detected a more than 160-fold year-over-year increase in attacks, from 3.8 million in 2015 to 638 million in 2016. This unprecedented growth may have been driven by the low cost of conducting a ransomware attack, the ease of distributing it and the low risk of being caught.

Dangers from ransomware were brought into sharp relief last week when the WannaCry ransomware attack spread across the globe. The attack, which has already affected major private and public sector organizations, continues to have a significant impact on organizational effectiveness.

The risks from ransomware, both in terms of data loss and reputation damage, are potentially huge. Companies can be keen to hide their mistakes. However, in the wake of the latest spate of attacks, experts around the globe advised users not to pay the ransom to malicious actors.

Taking Steps to Improve Security Controls

Bromium is not the first organization to note how security professionals cover up breaches. AlienVault surveyed 1,000 security employees and found that 1 in 5 had witnessed a company hide or cover up a breach, another Infosecurity Magazine article noted.

While recovering data lost to ransomware is often difficult or impossible, companies can take steps to both remove the infection and reduce the risk of subsequent attacks. Lawrence Abrams of Bleeping Computer, for example, provided a detailed best practice guide for WannaCry ransomware removal.

The National Cyber Security Centre in the U.K., which is an arm of the Government Communications Headquarters (GCHQ), advised organizations looking to limit the impact of ransomware to restrict access to data and file systems to users with a genuine business need. Businesses should also ensure that they have fully tested backup solutions in place, which means backups that have actually been restored and checked, not merely taken.
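A "fully tested" backup is one you have restored and compared against the original. The script below is an added example, not code from the article, Bromium or the NCSC: it backs up a small constructed sample tree to a tar archive, restores it into a fresh directory, and compares SHA-256 digests file by file, reporting any file that is missing or altered. The sample files, directory names and archive format are assumptions chosen for the illustration.

```python
"""Added example: a minimal restore test for a file backup.

Backs up a constructed sample directory, restores it elsewhere and verifies
every file's SHA-256 digest against the manifest taken at backup time.
The data here is constructed for illustration, not taken from any real system.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def make_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tar archive of `source` and return the manifest recorded at backup time."""
    manifest = sha256_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")  # assumed top-level name inside the archive
    return manifest


def restore_backup(archive: Path, target: Path) -> Path:
    """Extract the archive under `target` and return the restored data root."""
    target.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # The 'data' filter rejects absolute paths, path traversal and
            # dangerous member types; it exists on patched 3.8+ and all 3.12+.
            tar.extractall(target, filter="data")
        except TypeError:
            tar.extractall(target)  # older interpreter without the filter argument
    return target / "data"


def verify_restore(expected: dict, restored_root: Path) -> list:
    """Return the relative paths that are missing or differ after the restore."""
    actual = sha256_manifest(restored_root)
    return [rel for rel, digest in expected.items() if actual.get(rel) != digest]


def run_restore_test(corrupt: bool = False) -> bool:
    """End-to-end test: build sample data, back it up, restore it, verify digests.

    With corrupt=True one restored file is overwritten afterwards to simulate a
    damaged (or encrypted) restore, so the verification is expected to fail.
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "finance").mkdir(parents=True)
        # Constructed sample content; the values carry no meaning.
        (source / "finance" / "ledger.csv").write_text("date,amount\n2017-05-15,42.00\n")
        (source / "readme.txt").write_text("constructed sample data\n")

        archive = tmp / "backup.tar.gz"
        manifest = make_backup(source, archive)

        restored_root = restore_backup(archive, tmp / "restore")
        if corrupt:
            (restored_root / "finance" / "ledger.csv").write_bytes(b"\x00" * 16)

        problems = verify_restore(manifest, restored_root)
        return problems == []


if __name__ == "__main__":
    print("clean restore verified:", run_restore_test())
    print("corrupted restore detected:", not run_restore_test(corrupt=True))
```

The manifest is taken before the archive is written, so the check detects both a restore that silently drops files and one whose contents were altered in transit or at rest; in practice you would store the manifest separately from the backup media and schedule this restore test, not just the backup job.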
