More than a third of British businesses (36%) are not ‘very confident’ that efforts to completely eradicate a recent ransomware attack from work systems have been successful.
That’s according to research commissioned by Citrix and carried out by One Poll, which also reveals that almost half of large British businesses (45%) have fallen victim to a successful ransomware attack.
The scale can be profound as well, with IT often facing significant numbers of infected devices. On average, businesses reported that 47 devices had been infected in their most recent ransomware attacks. However, one in three victims in the survey (33%) saw more than 100 devices affected by ransomware in recent attacks. Less than a third (31%) saw 25 or fewer devices affected.
“Falling prey to a ransomware campaign can have a devastating effect on a business, from the loss of highly sensitive corporate data to reduced revenues and a sharp decline in public trust,” said Chris Mayers, chief security architect for Citrix. “It’s worrying to see many businesses are concerned that ransomware may be lingering on the corporate network after mitigation efforts have taken place, particularly when it can spread across many different devices.”
He added, “Setting robust cyber-standards is a crucial first step to addressing this. By using technology, which focuses on the secure delivery of data and apps to all devices and desktops – including the capability to wipe them remotely – organisations are safeguarded from losing devices and critical data to cyber-attackers.”
Although British businesses are increasingly threatened by this strain of malware, the survey revealed that more than one in 10 (11%) of large organizations still do not have a formal ransomware policy in place. Further, almost two-fifths of these unprepared businesses are not planning to implement a ransomware-focused policy in the next 12 months.
Conversely, half of the group confirmed that firm plans are in place to put such a policy into practice in the next year.
“Cybercriminals are continuing to exploit British businesses by launching ransomware attacks to remove access to mission-critical data or to make significant sums of money by demanding large ransoms for the safe return of such data,” Mayers said. “Despite this, many organizations have yet to take action and implement policies which will ensure the IT network is well prepared for a possible attack.”
He added, “By committing to robust cybersecurity techniques and ensuring specific policies are in place in case of an attack, companies can lessen the chances of falling prey to ransomware and creating any vulnerabilities for cyber-attackers to find.”