Ransomware hits Australian firms hard: 64% halt operations

A new study highlights the severe impact of ransomware attacks on Australian businesses, with a significant 64% of affected companies being forced to halt operations.

The Global Cost of Ransomware Study, conducted by the Ponemon Institute and commissioned by Illumio, surveyed over 2,500 IT and cybersecurity professionals globally, with more than 250 responses from Australia. The research reveals that Australian organisations are particularly vulnerable to ransomware attacks compared to their global counterparts.

The study found that, in Australia, 43% of businesses experienced substantial revenue loss due to ransomware, 42% had to cut jobs, and 39% lost customers. A noteworthy 28% of these attacks reached critical systems, causing an average of 12 hours of downtime, marking the highest downtime recorded globally.

Trevor Dearing, Director of Critical Infrastructure at Illumio, remarked, "Ransomware is more pervasive and impactful than ever, but not all attacks need result in the suspension of operations or major business failure. Organisations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems should be non-negotiable. By containing attacks at the point of entry, organisations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage."

The report also explored the efforts made by organisations to mitigate the threat. It showed that containing and remedating the largest ransomware attack required 17 people working an average of 134 hours each.

Additional findings revealed that reputation and brand damage costs exceeded those from legal and regulatory actions. Thirty-nine percent of companies reported notable brand damage after an attack, while many lacked adequate measures to swiftly identify and contain these cyber threats.

In terms of technological defences, only 18% of Australian companies have implemented microsegmentation to prevent the spread of breaches, notably less than the 44% reported by US companies.

Australian companies also reported operation technology as the most vulnerable system to ransomware attacks, with 41% highlighting its susceptibility, followed by cloud systems and endpoint devices, both at 39%.

The methods of attack predominantly included exploitation of Remote Desktop Protocol (RDP) connections and phishing. Desktops and laptops were cited as the most compromised devices, with attackers often exploiting unpatched systems to spread across networks and escalate privileges.

Investment in ransomware defences remains substantial, with organisations dedicating nearly a third of their IT budgets to these efforts. However, despite 91% reporting successful ransomware intrusions, only 56% remain confident in their current security measures.

Alarmingly, only 10% of respondents recovered all data after an attack, despite 47% believing that complete and accurate backups could act as an effective defence.

The study further revealed challenges in reporting ransomware incidents to law enforcement, with 71% of attacked companies refraining from doing so due to fear of retaliation, time constraints, or not wanting to publicise the breach.

Moreover, the research highlighted a lack of confidence in employees' capacity to detect social engineering threats, with only 45% expressing such faith. Insider negligence is cited as a prevalent issue when responding to ransomware incidents.

The adoption of Artificial Intelligence in combating ransomware is low in Australia, at only 35%, the lowest among the surveyed countries. Additionally, 46% of participants expressed concern over potential AI-generated ransomware attacks.