Cyber-security teams need to brace themselves for more action: Ransomware attacks are likely to increase during the second half of this year, according to a recent survey conducted by ISACA (Information Systems Audit and Control Association), a nonprofit group for IT and information systems professionals. More than four out of five survey respondents expect an upsurge in attacks, and most of them said they are at least somewhat prepared. Still, about one-fourth admit that they aren't ready, and fully half have not trained their employees to deal with ransomware.

That's risky, warns ISACA CEO Matt Loeb, who says, "WannaCry, Petya, Cryptolocker … ransomware will continue to be news and become the norm. What's needed is protection before an attack—not just a swift recovery afterwards." Besides educating employees, enterprises should be more aggressive in applying software patches, which Loeb sees as critical to protecting an organization from the crippling consequences of an attack.

The majority of organizations in the study have not yet experienced a ransomware attack, and only a very small minority of respondents said their organization would pay the ransom if it were hit. Still, complacency is dangerous. "Don't assume your enterprise 'might' be a victim of ransomware," Loeb stresses. "Assume it will. Every organization needs to focus on being prepared for the next ransomware attack, through training, frequent software updates or hiring highly skilled staff."

The survey included 448 respondents. About half the participating organizations have fewer than 1,500 employees, 23 percent have 1,500 to 9,999, and 28 percent have 10,000 or more workers. They represent a wide range of industries, with financial/banking firms and technology services/consulting firms leading the way. The survey group covers the globe.