Today, new research has revealed that over a third of British businesses (36 per cent) are not ‘very confident’ that efforts to completely eradicate a recent ransomware attack from work systems have been successful.
The research – commissioned by Citrix and carried out by One Poll – quizzed 500 IT decision makers in companies with 250 or more employees across the UK to uncover the extent to which large British organisations are prepared for the threat of ransomware. The research also considered the proportion of businesses which have been targeted with a successful ransomware attack and the current impact of these attacks on corporate devices.
Prior planning (and policy) prevent poor performance
This latest poll has found almost half (45 per cent) of large British businesses have fallen victim to a successful ransomware attack. Despite this, more than 1 in 10 (11 per cent) of large organisations still do not have a formal ransomware policy in place. Although British businesses are increasingly threatened by this strain of malware, almost two fifths (38 per cent) of these unprepared businesses are not planning to implement a ransomware-focused policy in the next 12 months. Conversely, half of this group (50 per cent) confirmed that firm plans are in place to put such a policy into practice in the next year.
Chris Mayers, chief security architect, Citrix, said:
“Cyber criminals are continuing to exploit British businesses by launching ransomware attacks to remove access to mission-critical data or to make significant sums of money by demanding large ransoms for the safe return of such data. Despite this, many organisations have yet to take action and implement policies which will ensure the IT network is well prepared for a possible attack.
“By committing to robust cybersecurity techniques and ensuring specific policies are in place in case of an attack, companies can lessen the chances of falling prey to ransomware and creating any vulnerabilities for cyber-attackers to find.”
Ransomware infection rate across devices
The poll also dug into the extent to which ransomware attacks have affected corporate devices and systems, revealing that IT often faces significant numbers of infected devices. On average, businesses reported that 47 devices had been infected by their most recent ransomware attack but one third (33 per cent) of businesses with over 1000 employees reported that more than 101 devices were affected. Among those organisations which had fallen victim to a ransomware attack, less than a third (31 per cent) saw 25 or fewer devices affected.
Chris Mayers added:
“Falling prey to a ransomware campaign can have a devastating effect on a business, from the loss of highly sensitive corporate data to reduced revenues and a sharp decline in public trust. It’s worrying to see many businesses are concerned that ransomware may be lingering on the corporate network after mitigation efforts have taken place, particularly when it can spread across many different devices.
“Setting robust cyber standards is a crucial first step to addressing this. By using technology, which focuses on the secure delivery of data and apps to all devices and desktops – including the capability to wipe them remotely – organisations are safeguarded from losing devices and critical data to cyber-attackers.”
