Ransomware not as much of a concern to businesses, despite high cost

Ransomware not as much of a concern to businesses, despite high cost [Image: hilllander via iStock]

Businesses are not as concerned about ransomware as they once were, despite it being one of the most costly forms of cyber attack.

This is according to Chris Ross, senior vice president international at Barracuda Networks.

In an article, he wrote that his company revisited a survey it had carried out in 2017 to find out more about ransomware’s impact on businesses. The results were that despite there being no evidence that the threat has diminished, the number of companies saying that ransomware is a concern for them and their organisation has fallen, from 91 per cent in 2017 to 84 per cent this year.

However, the number of businesses that had fallen victim to ransomware had also fallen – from 48 per cent in 2017 to 30 per cent this year. Mr Ross suggested that this may due to the fact companies are better equipped to deal with these attacks.

Barracuda Networks’ survey examined what type of email security breach is likely to be the most expensive, with 32 per cent of businesses in the Europe Middle East and Africa region pointing to ransomware as the most expensive threat to deal with. This is largely due to the cost of a direct payment to regain access to their own systems and information.

He said that it was “no surprise” that nearly three quarters (74 per cent) of attacks come via email, with web traffic (18 per cent) and network traffic (18 per cent) next. This is an increase on 2017, where email was identified as the cause in 70 per cent of cases.

Mr Ross urged businesses to back up their data regularly and adhere to the 3-2-1 backup rule, which means making three copies of all data, storing them in two different environments and keeping one backup offsite. He said that this would mean “it is possible to significantly limit ransomware’s impact on an organisation and ensure that affected businesses are not forced into paying for a decryption key which may never be sent”.