Fifth of firms hit by online ransom demands
A fifth of Irish businesses have been the target of online ransom demands in the past year while more than half of top IT professionals don’t believe their firms understand their own security systems, according to a survey by a leading cybersecurity firm.
The survey, carried out by information security company Ward Solutions, corresponded with 170 senior IT professionals and decision-makers in Ireland just prior to the recent WannaCry attacks, which saw 230,000 Windows-operated computers affected worldwide last month.
The results show Irish business has never been more vulnerable, according to Ward Solutions chief executive Pat Larkin.
He said: “It’s clear from the results of our latest survey that cyber-crime has continued to grow and evolve over the past 12 months, leaving Irish businesses more vulnerable to attack than ever before. Ransomware continues to present a real threat to companies.”
One fifth of businesses were subject to ransomware attacks in the past 12 months. While the survey did not reveal how many of the 20% targeted paid the ransom demand, 14% of the survey’s overall respondents said they would pay the ransom if the value of the data merited it. Almost 48% would not pay, regardless of the value of the data held to ransom.
Demands of less than €1,000 made up 64% of the ransomware attacks. Just under two thirds of respondents said their cybersecurity spend will increase in the next 12 months, while a similar number said they audit their employees on their awareness of information security best practices.
Mr Larkin added: “It’s interesting to see that just 14% of organisations would pay the ransom, while almost half would not pay, regardless of the value of the affected data. It’s reassuring to see some organisations responding to the information threat by investing in their security protection, and employee training and auditing. The ‘human firewall’ is consistently one of your greatest strengths or weaknesses when it comes to protecting your information.”
However, despite growing threats and the changes being implemented next year by the EU’s General Data Protection Regulation (GDPR), more than half of top IT professionals do not believe that their board has sufficient understanding of their current information security situation.
GDPR is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
It not only applies to organisations within the EU but also to firms that do business inside member states. Companies who fail to comply with the regulation can be fined up to 4% of annual global turnover, or €20m.
The GDPR was ratified following four years of negotiation, replacing the existing data protection directive. Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins in May 2018, meaning penalties can be imposed from day one.
Mr Larkin said: “The results indicate that there is still room for improvement when it comes to reporting security incidents to the authorities and affected third parties. This will hamper companies’ ability to achieve GDPR compliance, and so organisations need to ensure that they have the systems in place to quickly and effectively react in the wake of a data breach.”