Ransomware clearly needs to be taken seriously, but the majority of SMBs are not getting the message
Small and medium-sized businesses (SMBs) are still not fully prepared to deal with the threat of ransomware and are showing a worrying false sense of security towards the issue
According to endpoint security Webroot, just 42 percent of organisations with 100 to 499 employees believe they will be susceptible to ransomware attacks in 2017, despite 72 percent of IT decision makers (ITDMs) admitting to a lack of preparedness.
Furthermore, ITDMs are more concerned with new malware infections (59 percent) and mobile attacks (53 percent) than ransomware (42 percent), despite recent high-profile attacks like WannaCry and NotPetya dominating headlines.
“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya,” said Adam Nash, Webroot’s EMEA regional manager.
“This, combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats, is worrying. Small- to medium-sized businesses can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry.”
It’s clear that ransomware is a threat that needs to be taken seriously. Webroot’s threat research suggests that more than 60 percent of companies have already been affected by ransomware, with the financial and retail sectors being hit the hardest.
And what’s more, the implications of suffering such a cyber attack are wide-ranging. For example, ITDMs estimate that an attack that results in the loss of customer records or critical business data would cost an average of £737,677 in the UK.
Reputation also needs to be considered; 58 percent of ITDMs believe it would be more difficult to restore the company’s public image than to restore employee trust and morale.
As such, 98 percent of businesses plan to increase their annual IT security budget in 2017, with more and more firms looking to outsource their cyber security operations to third-party providers.
The problem for businesses is that there is no simple solution. Businesses are still being riddled with ransomware attacks and new variants are being discovered almost on a daily basis.
This prevalence means organisations need to take a layered approach to cyber security and ensure that the issue is given the attention it so clearly deserves.