You know ransomware is on the rise when more than 50% of small and midsized businesses have fallen victim to it. Worse, 48% of those businesses have paid a ransom (Ponemon Institute). This means businesses are losing double, if not triple: they lose money to cybercriminals, time to recover data and resume business operations, and customers, if their sensitive data was taken and they decide to leave because the incident eroded their trust.
Ponemon Institute’s research report, The Rise of Ransomware, reveals that the average company has had four ransomware attacks in the last year, has paid an average ransom of $2,500 per incident, and has spent 42 hours dealing with the attack. Of the companies that did not pay, 42% declined because they had a full and accurate backup of their data.
The report also found that only 13% of companies rated their preparedness to prevent ransomware as high, and only 46% said that preventing ransomware attacks was a high priority for their company. This means more than 50% of businesses are not making ransomware prevention a high priority, which leads to an incomplete security posture and most likely means these companies are not making overall cybersecurity a high priority either.
When asked why they don’t consider ransomware prevention a high priority, 57% of companies said they were too small to be a target of ransomware. This statistic alone goes a long way toward explaining why businesses overall are still so insecure. Essentially, the threat is real, but not enough to create urgency among businesses that have limited resources and are not used to regularly allocating a portion of their annual budget to cybersecurity measures that go beyond the typical technology solutions.
Businesses know that technology solutions aren’t sufficient to prevent ransomware infections. In fact, only 27% of companies in the report were confident that their current antivirus software would protect them from ransomware. Companies also shared concerns that the use of IoT-connected devices increases their ransomware risk, and cited their inability to detect all ransomware infections as something that puts them at risk. According to 44% of companies, an average of one or more ransomware infections per month go undetected and bypass their organization’s IPS and/or AV systems. At the same time, 29% of those surveyed said they could not determine how many ransomware infections go undetected in a typical month.
The report makes it clear that businesses know about ransomware and know they are not at the top of their game with cybersecurity. At the same time, there is a disconnect: they are not making ransomware prevention a priority so that they can combat the threat more effectively. As cybercriminals target more and more businesses, this disconnect will fade away, but hopefully being attacked doesn’t have to be the only way every small and midsized business gets going with cybersecurity.
If you’re a business owner or executive who knows it’s time to upgrade your cybersecurity to a holistic approach that really combats your ransomware and overall cyber risks, we’re only a call away.