One in four companies worldwide pay ransoms.

Ransomware is a blight on many companies’ existence, and as the work-from-home revolution takes hold, more and more of us are falling victim to it. Shorn of oversight and unprotected by corporate malware monitoring, users are starting to click more frequently on suspicious files and unleash ransomware on their networks.

Vast numbers of organizations have suffered attacks, according to data compiled by CrowdStrike, a cybersecurity company. The survey of 2,200 senior IT decision-makers and IT security professionals across all global industry sectors, with 200 UK respondents, found that 39% of organizations fell victim.

But of those who found their files locked up by ransomware, just 13% decided to stump up the cash to unlock them. That’s half the worldwide average of 27% who decided to pay up. Those who did give money to get back their data paid a lot of cash: at £940,000, UK ransoms are among the highest in the world.

Time to detect ransomware has increased

Though the number of victims is increasing, the speed at which ransomware is discovered and dealt with is slowing down. The average time it takes UK organizations to identify an intruder has gone up by more than 50% over the past year, from 39 hours in 2019 to 61 hours in 2020. That’s in part thanks to the shift to remote work, CrowdStrike says.

“The stream of high-profile ransomware attacks on UK businesses in the last 12 months – along with growing vulnerabilities caused by the lingering pandemic and geopolitical tensions – should encourage all businesses to continue to focus on their cybersecurity,” says Zeki Turedi, Chief Technology Officer EMEA at CrowdStrike. 63% of UK respondents believe that their organization will be at higher risk from cyberattacks due to the pandemic.

“In a remote working situation the attack surface has increased many times and security cannot be a secondary business priority,” Turedi says. “Just as with the spread of the Coronavirus in humans, any gap in defenses impacts the organization’s body, and can then lead to compromising partners and customers. Security is not only for the business, it’s for the business’s ecosystem.”

Different amounts paid by different countries

The vast scale of ransomware is evident, but the amount that people are paying when they fall victim does vary. Alongside the UK’s £940,000, German victims of ransomware pay an average of £800,000. France’s victims pay £560,000, while Italian companies that have fallen foul of an attack end up forking out just £300,000 on average. 

The outlook for the future also looks relatively bleak. Nearly three-quarters of UK respondents believe economic recession leads to increased cybercriminal activity against their organization – which means it’s highly likely we’ll see more attacks as the economic impact of the coronavirus pandemic starts to bite.

There’s another issue at hand here, too: it’s not just cybercriminals looking to make a quick buck that are the real risk. Cyberattacks are increasingly state-sponsored, which makes them hugely difficult to counteract.

International tensions rise

63% of UK organizations believe that nation-state sponsored attacks will pose the single biggest threat to organizations like theirs in 2021, according to CrowdStrike.

Globally, the biggest threat is seen as China, although UK organizations are most concerned by Russia, which was named by 51% of those who were surveyed. 

And that too is likely to continue: nine in 10 people believe that growing international tensions will result in an increase in cyber threats against organizations. UK respondents are the most likely in the world to feel they’re at risk of being targeted by a hostile nation-state.