Continuing our series on the state of ransomware in the UK, it appears that over a third of British businesses (36 per cent) are not ‘very confident’ that efforts to completely eradicate a recent ransomware attack from their systems have been successful.
The research — commissioned by Citrix and carried out by One Poll — quizzed 500 IT decision makers in companies with 250 or more employees across the UK to uncover the extent to which large British organisations are prepared for the threat of ransomware. The research also considered the proportion of businesses which have been targeted with a successful ransomware attack and the current impact of these attacks on corporate devices.
Prior planning (and policy) prevent poor performance
Almost half (45 per cent) of large British businesses have fallen victim to a successful ransomware attack. Despite this, 11 per cent of large organisations still do not have a formal ransomware policy in place. Although British businesses are increasingly threatened by this strain of malware, almost two fifths (38 per cent) of these unprepared businesses are not planning to implement a ransomware-focused policy in the next 12 months. Conversely, half of this group (50 per cent) confirmed plans are in place to put such a policy into practice in the next year.
Cyber criminals are continuing to exploit British businesses by launching ransomware attacks to remove access to mission-critical data or to make significant sums of money by demanding large ransoms for the safe return of such data. Despite this, many organisations have yet to take action and implement policies which will ensure the IT network is well prepared for a possible attack.
How widespread can a ransomware attack be?
The poll also dug into the extent to which ransomware attacks have affected corporate devices and systems, revealing that IT often faces significant numbers of infected devices. On average, businesses reported that 47 devices had been infected by their most recent ransomware attack but one third (33 per cent) of businesses with over 1000 employees reported that more than 101 devices were affected. Among those organisations which had fallen victim to a ransomware attack, less than a third (31 per cent) saw 25 or fewer devices affected.
Falling prey to a ransomware campaign can have a devastating effect on a business, from the loss of highly sensitive corporate data, to reduced revenues and a sharp decline in public trust. It’s worrying to see many businesses are concerned that ransomware may be lingering on the corporate network after mitigation efforts have taken place, particularly when it can spread across many different devices.
Setting robust cyber standards is a crucial first step to addressing this. By using technology, which focuses on the secure delivery of data and apps to all devices and desktops – including the capability to wipe them remotely – organisations are safeguarded from losing devices and critical data to cyber-attackers.
Citrix commissioned One Poll to conduct an online survey of 500 IT decision makers at companies across the UK with 250 or more employees between 18th November and 25th November 2016.