As we navigate the return to the office and the future of hybrid working, Irish businesses need to be prepared and proactive when it comes to cyber security.
Malicious attacks are a constant threat, with cyber criminals employing increasingly sophisticated encryption software to target companies of all sizes. For those that fall victim to ransomware attacks, the financial repercussions can be devastating – and they don’t always get their data back, even after paying thousands of euro.
In this article, we take a look at the risks and implications of ransomware for Irish businesses and outline the importance of having a proper cyber security strategy in place.
What is ransomware?
Ransomware attacks use a form of malware to gain entry to a system or database and encrypt the data, preventing access until the victim has paid a ransom. Ransomware is designed to spread quickly across networks, targeting databases and file servers.
Paying the ransom solves the immediate problem (sometimes!) but only encourages further attacks, putting billions of euros a year in cybercriminals’ pockets.
Massive ransomware attack on US companies
In July of last year, a US IT company based in Ireland was hit by a massive ransomware attack, one that was potentially designed to encrypt the data of up to 1,000 companies.
A Russian-speaking ransomware group is believed to be responsible for the attack, according to security firm Huntress Labs. They reported that the criminals targeted Kaseya, a Dublin-based software supplier, using its network-management package as a conduit to spread the ransomware through cloud-service providers.
A spokesperson for Kaseya reported that only a small percentage of their customers were affected by the attack. One of those was supermarket giant Coop Sweden, who lost access to their checkouts and had to temporarily close 800 of their stores.
Brian Honan, an Irish cyber security consultant, described it as “a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers”. He warned that it can be difficult for smaller businesses to defend against this type of attack because they “rely on the security of their suppliers and the software those suppliers are using”.
Irish businesses at risk from cyber attacks
In May 2021, Ireland’s health service was paralysed by a devastating ransomware attack, the scope and severity of which was unprecedented in the history of the state. Hospital staff were forced to revert to a paper system, increasing the chances of delay and risk for error, and thousands of appointments had to be postponed, including chemotherapy and other urgent treatments.
This attack, which is reported to have cost the HSE millions of euro, will not be the last unless Ireland seriously ramps up its cyber security efforts. A recent study revealed that Ireland is the sixth worst state for cybersecurity in Europe and, according to Aon’s Business Risk Index, ‘phishing’ is the number one cyber risk facing Irish businesses today.
The survey of over 160 companies found that cyber security remains a principal concern, with 1 in 4 employers concerned about possible ransomware attacks on their business.
Another survey by Auxilion reported that suspicious emails, scam calls and hackers gaining access to webcams are among the main security concerns associated with working from home. According to the survey, 30% of Irish office workers admitted to clicking on a link or attachment in an email from a sender they didn’t recognise.
Furthermore, 12% of respondents wouldn’t immediately tell their employer if they realised the device they were working on had been compromised with malware or ransomware.
Financial implications of ransomware attacks
In a recent survey of more than 200 Irish SMEs, Typetec found that 52 percent of them have paid a ransom to a cybercriminal. The average ransom amount paid was €22,712 and even after paying, 27% of business owners were not able to restore all the affected data.
Furthermore, 60% reported that sensitive data was leaked on the dark web, despite paying a ransom, and 57% now keep a cryptocurrency reserve in case they are needed for this specific reason.
These figures are a stark reminder that Irish companies are certainly not immune to cyber attacks, and businesses of all sizes need to put preventative measures in place before it’s too late.
How to protect against cyber attacks
Business owners must become proactive rather than reactive when it comes to cybersecurity because simply paying out ransoms in response to cyberattacks does not guarantee a successful restoration of your.
According to Aon’s Business Risk Index, there is an urgent need for organisations to change their approach and ensure new levels of cyber resiliency, including:
- Being able to move quickly and encompass new technology with digitalised end-to-end business processes
- Gaining a better understanding of the immediate impact of unpredicted situations to the supply chain
- Ensuring business models take a cross-functional approach to risk strategy
The Index also revealed that companies are taking steps to enhance their cyber resilience and preparedness: 40% have provided cyber-security training to employees over the past 18 months, while 40% have enhanced their data recovery and back-up systems.
Ransomware isn’t going anywhere and – in an increasingly hybrid working world – Irish businesses simply cannot afford to ignore the risks. It is crucial to have a clearly defined and well managed cyber security strategy in place to protect against ransomware and other malicious attacks.
Calnet offers affordable and effective Cyber Security Awareness Training to help reduce the risk of your business falling victim to a cyber attack. We also provide safe and secure cloud backup solutions and disaster recovery plans to suit all kinds of businesses.