Freedom means responsibility
In most companies, employees have very broad privileges (broad to a fault) when working on PCs. Users receive emails that haven’t undergone the slightest bit of filtering, including emails containing executable files; they can run and install whatever applications they need. Sooner or later, this turns into a problem.
Freedom means responsibility. So who is to blame at your office if you are allowed to run any program, and you launch an encryption ransomware program?
59% of employees who infected their office workstations with encryption ransomware paid the ransom out of their own pockets. The average outlay was about $1,400. Only 37% said their employers paid the ransom.
Most hoped to pay the ransom and decrypt the company data before everyone else discovered the incident.
Maybe none of them knew about the threats? As a rule, the employees knew. But they had to work, and those IT pros "prevented" them from getting their jobs done (according to statistics, 86% of employees believe they can identify phishing emails themselves). Sometimes people launch encryption ransomware from emails even after they have completed training courses on the basics of information security.
70% of employees completed training on combatting cyber threats, and 30% were aware of the recent WannaCry outbreak.
31% of respondents admitted they did not know about the threats before undergoing training.
Who suffers the most from encryption ransomware?
☠ 21% of office employees and 25% of IT employees have been impacted by phishing emails.
☠ 34% of company owners or high-ranking company employees have been impacted by phishing emails.
☠ 60% of the businesses hit by ransomware had more than 100 employees, and 25% were enterprises with more than 1,000 employees.
It turns out that company managers, who usually have elevated privileges on their computers, access to critical information, and authority to manage company finances, are at risk.
How severe can the consequences of infection be?
72% of infected business users could not access their data for at least two days following a ransomware outbreak, and 32% lost access for five days or more.
And even if you’re not affected, you can never be sure that it was your colleagues who caused the infection and not you:
86% of infections have affected two or more employees, and 47% spread to more than 20 people.
What can we recommend in such a situation? Human carelessness and self-confidence have no boundaries. There is a saying that army statutes and safety instructions are written in blood. But that doesn’t mean they can’t be violated.
So once again: use strong passwords, install updates, keep privileges to a minimum, and always use the latest anti-virus. Of course, that should be Dr.Web!