DataSolutions today announced the results of a survey, which found that 73% of companies have made changes to their IT security as a direct result of the WannaCry ransomware incident. The research also found that one-fifth of senior IT decision-makers in Ireland would pay a ransom if under attack from cyber criminals.
In May 2017, approximately 200,000 computers in 150 countries, including Ireland, were infected by the unprecedented WannaCry ransomware attack. Despite widespread upgrades to security systems since the attack, DataSolutions found that a significant 30% of respondents still don’t think that their organisation is capable of protecting itself against emerging threats. The complete survey results will be revealed at DataSolutions’ Secure Computing Forum in the Aviva Stadium on 21st September.
As companies remain ill-equipped to tackle cyber threats, the survey results indicate that ransomware remains an issue for Irish and Northern Irish organisations. When asked if they had been held to ransom in the past 12 months, 19% of survey respondents stated that they had.
If held to ransom, 19% of businesses would pay up to €50,000 to recover their data from cybercriminals. This is a substantial increase from a similar survey carried out by DataSolutions 17 months ago, when just 7% said that they would pay a ransom.
David Keating, security specialist, DataSolutions, said: “The results of this year’s survey highlight that ransomware remains an effective weapon for cybercriminals seeking to extract money from businesses. Ransomware attacks are a very disruptive form of cybercrime , and, as the recent WannaCry and Petya outbreaks made clear, they pose a huge threat to organisations of all types and sizes. Companies need to take steps to implement tried and tested security systems to secure their interests, or risk facing further attacks.
“Considering the numbers stating that they have been held to ransom in the past 12 months, we can infer that that a significant number of organisations that fall victim to cybercrime are paying out to cybercriminals.”
When it comes to the factors that are leaving companies vulnerable to exposure, a failure to frequently update IT equipment could be playing a part. Almost half (46%) of those surveyed said that the platforms that they work with on a daily basis are outdated. Employees were also singled out as a critical vulnerability, with 77% saying that a lack of security savvy among employees put their organisation at risk of a data breach.
Despite these vulnerabilities, 67% of those surveyed claimed not to have experienced a data breach in the past year, with one-third stating that they had experienced breaches.
David Keating, continued: “The fact that almost 70% of respondents claim not to have experienced a cyber-breach in the past 12 months displays a fundamental misunderstanding as to what constitutes a data breach. The term does not solely refer to the instance of a ransomware attack and, with this in mind, it is likely that far more of these companies may have experienced some form of security compromise.
“Cybercriminals have access to incredible resources and extremely sophisticated technologies, but many businesses are continuing to implement technologies that focus on detecting attacks, rather than preventing them. This fragmented approach focuses on a fix after the damage has been done. Companies need to change tack and apply new approaches that are focused on prevention to ward off future attacks.
“We will be presenting the results of the survey at this year’s DataSolutions Secure Computing Forum which will take a look at the advanced technologies and strategies that companies can embrace to safeguard their interests. By turning to preventative measures, businesses can protect against the unexpected and secure their futures.”
More information about this year’s Secure Computing Forum can be found at http://securecomputingforum.