The latest data reveals ransomware’s pervasiveness throughout every industry, size, and type of organization, confirming its’ place as the number one cyberthreat today – and a glaring clue why…

We told you last month about Fortinet’s findings where ransomware grew over 1000% between July 2020 and June 2021. This new data from Fortinet’s 2021 Ransomware Survey Report shows just how egregious ransomware attacks are today, and how organizations aren’t making the connection between the cyberattack and their own users. First a bit of data on the state of ransomware attacks:

  • 67% of orgs have been a target of ransomware attacks
  • 16% have been hit three or more times
  • 96% feel at least moderately prepared (despite the % of attacks indicating otherwise)

So, organizations should take a look at why they are being hit so much, right? I don’t think they seeing what I’m seeing in the rest of the data – take a look:

  • Nearly a third (32%) say there’s a lack of Security Awareness Training
  • 61% have user training – but as part of an incident response plan (after and not before???)
  • 58% of ransomware attacks in North America start with phishing a user

And most importantly:

  • In the list of protection and defensive measures essential to secure against ransomware, nowhere to be found is Security Awareness Training:

10-11-21 ImageSource: Fortinet

I can only conclude that organizations today are not making the connection between their own users playing a part in either helping or stopping ransomware attacks and the value Security Awareness Training brings to a proactive security stance designed to stop ransomware attacks that start with phishing as the initial attack vector.