September 9, 2016 by Canadian Underwriter
One cryptomalware attack can cost a small or medium business (SMB) up to US$99,000 on average, according to recent research from global cybersecurity company Kaspersky Lab.
And “despite the fact that cybercriminals do not guarantee the return of corporate data, 34% of entrepreneurs admitted paying extortionists,” Kaspersky Lab said in a press release earlier this week. The Corporate IT Security Risks 2016 study, conducted with market research company B2B International, involved a survey of more than 3,000 global representatives of SMBs.
Kaspersky explained in the release that the total damage caused by cryptomalware infection is a combination of a variety of factors, including partial or complete suspension of operations (internal business processes, financial transactions, etc.); the loss of valuable data (financial and project documents, customer or partner databases, etc.); reputational risks and more.
“In fact, the total amount of damage can be divided into two parts: the ransom and the related losses,” Kaspersky said. “The amount of related damage is, to a large extent, affected by shortcomings in the preventive work of the IT staff (poorly administered systems, outdated or missing backups, unreliable passwords, irregularly updated software, etc.).”
According to the Corporate IT Security Risks 2016 research, over 30% of SMB representatives reported the loss of a significant amount of data due to cryptomalware.
“As we can see, almost one-third of SMBs still believe that paying the ransom is the most cost-effective way of getting their data back,” said Vladimir Zapolyansky, head of SMB marketing at Kaspersky Lab, in the release. “The reality, however, is that the total damage for companies ends up being much greater and there is still no guarantee of recovering the corporate data in question. As criminals increase their efforts to make money by using cryptomalware, small and medium businesses should take preventative measures to minimize the risk of becoming yet another victim.”
The report noted that in 2015 and early 2016, Kaspersky Lab registered a “large number” of cyber incidents involving ransomware. Compared to the period of 2014-2015, the number of ransomware-based attacks on the corporate sector increased sixfold.
For the most recent study, 42% of very small businesses and 49% of SMB representatives said that they consider cryptomalware to be “one of the most serious threats that their organization can face.” Overall, about 67% of SMB representatives have reported “complete or partial loss” of corporate data due to cryptomalware.
SMBs, however, can adopt several tactics to deal with the threat of fast-paced cryptomalware, according to Kaspersky: