The Sophos report shows that in 2023, the most common source of ransomware attacks on Polish companies was phishing. Businesses are preparing for cyberattacks, but not enough – only 46% create backup copies of data, and 51% employ cybersecurity specialists or an internal SOC department.
According to the “State of Ransomware Poland 2024” study commissioned by Sophos, in 2023, every fifth company in Poland was attacked by ransomware malware. 28% of firms have not experienced a cyberattack but expect one in the future. On the other hand, every third company that was not attacked in 2023 does not foresee being a victim of cybercriminals in the future. 14% of representatives of the surveyed companies didn’t know or remember if a cyberattack occurred in their company in 2023, and 5% confirmed that an attack took place, but it did not utilize malicious software.
In half of the Polish companies attacked by ransomware in 2023, cybercriminals encrypted data, while in 39% of cases the attack was stopped before encryption. However, in every tenth company, attackers managed to gain access to digital resources but didn’t encrypt them.
Phishing remains effective
In the case of 32% of firms hit by ransomware in 2023, phishing emails enabled cybercriminals to infiltrate the victim’s IT systems. This was also the most common reason for attacks indicated by respondents.
Chester Wisniewski, Director of Technology at Sophos, emphasizes that the popularity of phishing as a method facilitating access to data in companies shows that they still have a lesson to learn about educating their employees. If a user receives a phishing message and then clicks on a malicious link, they’re doing the work for the cybercriminals and letting them into the company’s system. That’s why it’s so important to educate employees about what elements of a message should raise suspicion.
The other most commonly used methods by cybercriminals to gain access to attacked companies’ systems were security gaps (26%) and illegally obtained authentication data (22%). 15% of Sophos study respondents stated that fraudsters accessed the IT system due to unauthorized access or malicious activity of employees or other company-related people.
Technical solutions and artificial intelligence should support workers
In the surveyed companies, cybersecurity specialists play a significant role in protecting against cyberattacks. Half of the Polish entities employ their own experts or an internal security operations center (SOC) capable of stopping attacks. However, companies face budgetary problems. In 27% of companies, resources are lacking to increase the number of qualified workers, and 17% struggle to find them in the labor market.
Companies make backup copies and data recovery plans
Almost half (46%) of the surveyed companies use backup copies to protect themselves from the consequences of cyberattacks and ransomware. 31% of companies have a backup in the cloud, and 22% store it physically. Some companies use both methods. Nearly a third of companies have special protections against ransomware, such as protective software, network firewalls, or content filters. From the Sophos study, it is also apparent that businesses are turning to digital insurance to protect themselves against the effects of ransomware attacks. However, the Sophos report dedicated to cyber insurance indicates that in 2023, the average insurance company payout represented 63% of the total claim of the attacked entity.
In addition to using specific tools to protect against cyberattacks, companies create data recovery plans. Almost half of companies have a fully developed and detailed document, and 32% have such a plan, but it does not foresee all possible attack scenarios. Even if a company does not have a developed data recovery plan, it should at least have a business continuity plan in case of a cyberattack. 13% of companies in Poland have such a document. The good news is that only 3% of entities do not have either a data recovery plan or a business continuity plan.
About the study
The “Ransomware in Poland 2024” study was conducted in April 2024 using the CAWI method by UCE RESEARCH for Sophos. The respondents were representatives of 400 firms, holding a position in the IT department at least at the specialist level or a cybersecurity specialist in the company.
Source: https://managerplus.pl/co-trzeci-atak-ransomware-na-polskie-firmy-zaczyna-sie-od-phishingu-11611
