Ransomware is one of the most well-known cyber threats of late, yet Australian consumers still feel like they are in the dark about how to deal with it and what protection they need.
At last month's CeBIT trade show in Sydney, WatchGuard conducted a survey of 492 consumers and found that 37% are unsure if they are protected against ransomware at all.
WatchGuard says this means they might not even understand what a ransomware attack is, or may have been a victim and not realised it at the time.
23% of respondents said they felt 'insufficiently protected' against a future ransomware attack and 16% had been a victim before.
WatchGuard's ANZ regional director David Higgins says Australians need to increase their awareness and education about cyber risk.
“Whether you want to contemplate another WannaCry scenario or not, it’s only a matter of time before self-spreading ransomware – or ransomworms – begins to wreak havoc. By taking a comprehensive and multi-layered approach to security, organisations can reduce the likelihood they will fall victim to malware attacks and avoid the disruptive and potentially costly problems they can cause,” he says.
But that advice isn't limited to consumers. Earlier this year, WatchGuard conducted a survey that found 16% of resellers believe their customers would pay a ransom demand.
In a statement, WatchGuard states that the recent WannaCry outbreak has put ransomware front of mind. Ransomware attacks have been around since 2005; however, the number of attacks has peaked in the last three years.
The company offers advice for businesses and consumers to prevent ransomware attacks:
It’s important for users to be aware of the threats that malware brings. Staff should be educated about phishing attacks and taught to be cautious when downloading files or opening attachments from unfamiliar parties.
Regular back-ups of critical data are a vital part of any security strategy. In larger organisations, a global share drive can be created in which all important files should be stored. This drive can then be backed up as often as is needed. Copies of backups should also be kept offline as an additional layer of protection.
Defence in depth
In a complex IT infrastructure, there should be multiple layers of security designed to stop attacks. While no single defence can protect completely, creating a defence in depth strategy will ensure systems and data are as secure as they can be.
Layered protection should range from firewalls and anti-virus software through to network intrusion and advanced persistent threat tools.