Small and medium businesses still think they are too small for anyone to want to attack, yet over 50 percent of them have fallen victim to ransomware, a new report said.
On top of that, of those that did fall victim to ransomware, 48 percent said they paid. Additionally, the average company had four ransomware attacks last year, paid an average ransom of $2,500 per incident, and spent 42 hours dealing with the attack, according to the report, conducted by the Ponemon Institute on behalf of security provider Carbonite.
Cybercriminals were most likely to use phishing/social engineering and insecure websites to unleash ransomware, the report said. Respondents believe the cybercriminal specifically targeted their company.
In addition, companies were reluctant to report the incident to law enforcement because of concerns about negative publicity, the report said.
“We’re nowhere near the end of the ransomware threat,” said Norman Guadagno, chief evangelist at Carbonite, which provides continuous automated cloud backup services.
Of those who did not pay up, 42 percent said having a full and accurate backup was the reason.
Only 13 percent said their preparedness to prevent ransomware was “high.”
Only 46 percent of respondents said that prevention of ransomware attacks was a high priority for their company.
One reason could be that they don’t think the hackers will bother with them.
Security awareness remains high; however, the idea that anyone could fall victim to an attack still seems to be a foreign concept, as 57 percent of respondents said their companies were too small to be a target of ransomware, according to the report.
According to the survey, 55 percent of companies said they thought it was either likely or certain that the ransomware also exfiltrated data.
Businesses should not only have anti-virus in place to keep ransomware from getting in, but also train their employees to spot potential attacks.
Along those lines, 29 percent of respondents said they were confident that their employees could detect risky links or sites, according to the survey.
In addition, 44 percent of respondents said an average of one or more ransomware infections per month go undetected and are able to bypass their organization’s IPS and/or AV systems. However, 29 percent of respondents said they cannot determine how many ransomware infections go undetected in a typical month.