Webroot Global Report: Despite Recent WannaCry and Petya-based Ransomware Attacks, 71% of Organizations with 100 to 499 Employees Not Fully Prepared to Address IT Security Threats
August 2017 by Webroot
Webroot, the market leader in endpoint security, network security, and threat intelligence, shared the results of a new global report “Cyber Threats to Small- and Medium-Sized Businesses in 2017.” The study reveals that despite recent attacks like WannaCry and a Peyta-based ransomware, only 42 percent of small- to medium-sized businesses with 100 to 499 employees think they will be susceptible to this form of attack in 2017.
Webroot’s threat research from June 2017, which utilizes data from a variety of businesses, reveals more than 60 percent of companies have already been affected by ransomware, with the financial and retail sectors being hit the hardest. Despite this fact, ransomware is the threat IT decision makers are least concerned about globally (42 percent) with new forms of malware infections topping the list (56 percent).
In the UK, the research highlighted a false sense of security among IT decision makers (ITDMs). Even though 72 percent admit their businesses aren’t prepared to address external threats, 87 percent are confident their staff would be able fully address or eliminate an issue.
Explore the Results: www.webroot.com/gb/en/busine...
Key UK Findings:
ITDMs at small- to medium-sized businesses are most worried about new forms of malware infections (59 percent), mobile attacks (53 percent), and phishing attacks (48 percent).
When a business suffers a cyberattack, the consequences are felt both internally and externally. Almost 58 percent of ITDMs believe it would be more difficult to restore the company’s public image than to restore employee trust and morale. Underscoring the need for proactive security solutions, ITDMs estimate a cyberattack on their business where customer records or critical business data were lost would cost an average of £737,677 in the UK. Addressing the growing threat, nearly all (98 percent) ITDMs plan to increase their annual IT security budget in 2017 compared to 2016. Businesses currently manage IT security in various ways. One-fifth (22 percent) of businesses have in-house employees who handle IT security along with other responsibilities. Thirty-three percent use a mix of in-house and outsourced IT security support, while 25 percent have a dedicated in-house IT security professional or team.
Ninety-two percent of ITDMs believe outsourcing IT solutions would protect their organization against threats and increase their bandwidth to address other areas of their business. Among businesses who do not currently outsource IT security, 82 percent will likely use a third-party cybersecurity provider in 2017, representing a big opportunity for managed security providers (MSPs).
Adam Nash, EMEA Regional Manager, Webroot “The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya. This combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats is worrying. Small- to medium-sized businesses can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry. Enlisting the help and expertise of a Managed Security Services Provider is one way to implement a secure, layered approach to combat external threats.”
Michael Donkin, Director, The IT Dept “As an IT Support consultancy in the UK, we know many SMBs fear cybersecurity attacks, but do not always address such concerns as fully as they perhaps should, which is borne out by this survey. Better, safer practices could be utilised by most of our clients, but immediate budgetary concerns can take precedence. We recommend Webroot SecureAnywhere Business Endpoint Protection to all of our clients as one of the best weapons in their armoury against the increasing threat of cyberattacks. We combine this front line antivirus protection with other elements, such as anti-spam measures, firewall configuration, a quality data backup solution, employee awareness, and a healthy dose of common sense.”
Advice for Small- to Medium-Sized Businesses:
· CROSS THOSE Ts: Being prepared is crucial. Create a plan of action to respond to any type of breach that includes outside resources, like an MSP, who you can enroll for assistance.
· EMPLOYEE EDUCATION: Workers may not know how to avoid phishing and other types of attacks. Investing in regular security training is a great way to prevent attacks.
· DON’T FORGET MOBILE: Employees’ mobile devices are doorways into business networks, and can leave them vulnerable to unseen risks. Reliable mobile security is essential to protect from malicious applications.
· SPEND WISELY: Look to allocate any additional budget you may have where risks are highest. If you’re unsure, ask a security expert or your MSP where your vulnerabilities lie.
· UPDATE SOFTWARE: Keep business devices up-to-date with the latest software and security patches.
· BEWARE OF RANSOMWARE: The U.K. is consistently one of the most phished nations, and phishing can lead to ransomware. Create a layered defence by implementing strong back-up and business continuity plans.