20pc of Irish businesses have been held to ransom by hackers

31 Mar 2016

So far in 2016, 20pc of Irish businesses admit being held to ransom by hackers. 93pc say they would never stump up but, faced with reality, they will

Some 20pc of Irish businesses have fallen victim to ransomware attacks in the past year, where hackers have demanded payment for the return of sensitive data or access to their systems.

However, despite these attacks, 93pc of 137 senior IT decision makers in Irish businesses have said that they would never pay a ransom to hackers, according to a survey carried out by Data Solutions and TechPro.

The frightening truth is, however, they will probably inevitably pay up to regain access to their IT systems or avoid the fallout of sensitive data being leaked publicly.

Our recent report on the future of security pointed to research by Cisco that highlighted how, in 2015, cyberattacks continue to be a profitable business for cyber-criminals, who are refining the way they attack back-end infrastructure.

Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms off victims. Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs.

Firms fear adverse publicity and fines arising from a data breach

According to Data Solutions managing director Michael O’Hara, when faced with the reality of the situation and the inability to access their core IT systems, IT decision makers may have very little choice but to stump up.

“93pc say that they would never pay a ransom, but faced with the reality of an actual ransomware attack I think you’d find most would,” O’Hara said.

“Every business has sensitive or mission-critical data and ultimately it would come down to a business decision if that was under threat.

“Less than 10pc have complete confidence in their information security measures and this highlights the pressing need for companies to take the threat of these and other forms of cyberattacks more seriously.”

The survey found that 80pc of Irish businesses have actually upgraded their IT security in the past year and 55pc expect to spend more on security measures in 2016 than they did in previous years.

Top of IT decision makers’ minds is the risk of data loss or disclosure resulting in negative publicity as a direct result of cybercrime, with 55pc admitting this was their main concern.

Other causes of concern were DDoS attacks – which recently plagued Irish government and public sector websites and the national lottery – social engineering and data destruction.

Almost half of respondents said they were concerned about attacks through the supply chain

Nearly a quarter (23pc) admit that they do not build specific requirements for information security into the contracts of third party suppliers.

This is a 12pc increase from last year’s research, and highlights that businesses are at even higher risk of a breach in the supply chain, the cause of many high-profile breaches such as the attack on retail giant Target.

The survey was carried out by Data Solutions and TechPro in February and March 2016 ahead of the Data Solutions Secure Computing Forum on 12 May.

Man handing over money image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com