In recent years, ransomware attacks have become one of the most serious threats to companies and institutions worldwide. In 2023, 59 percent of businesses globally and 20 percent in Poland fell victim to these attacks. Research from Sophos shows that in Poland, the proportion of entities in which cybercriminals encrypted data after a successful attack was lower than globally. Reports also show that Polish entities recover data faster, typically taking no more than a week, compared to a global average of a month.
The results of Sophos’ reports clearly illustrate the difference in the scale of ransomware attacks between Poland and the worldwide average in the last year. While one in five companies in Poland reported that they fell victim to ransomware in 2023, globally, the proportion was as high as 59 percent.
– This result may create misleading optimism and suggest that Polish entities are less vulnerable to ransomware attacks than businesses in other parts of the world, but this is not the case. Anyone anywhere in the world can fall victim to cybercriminals at any time, and the risk is high for every company, regardless of its size or the country in which it operates. The lower percentage of attacks in Poland can be associated with various factors, such as the digitalization level of companies, but also less accurate reporting – stresses Chester Wisniewski, Technology Director at Sophos.
Some countries, such as France, reported even higher attack rates than the worldwide average – up to 74 percent of businesses there reported a ransomware incident in 2023. Conversely, only one in five entities in the Czech Republic were attacked in this way. In Hungary, the proportion was even lower at only 7 percent. These variations can be attributed to many factors, such as local regulations, level of security, or the degree of digitalization of companies.
In Poland, Phishing is Most Common
The most common cause of ransomware attacks in Poland was phishing – mentioned by 32 percent of businesses who fell victim to it. Globally though, security gaps were the dominant method, exploited by cybercriminals in 36 percent of the companies affected by ransomware. Globally, malicious email attachments or links came in second place (34 percent).
– The threat landscape is constantly changing, but criminals continue to use methods that work best, such as phishing. Therefore, ongoing education remains one of the key protective measures in companies. The team must be well-versed in threats and protection mechanisms, and employees should be able to recognize potentially dangerous messages – points out Chester Wisniewski.
Globally, Cybercriminals More Often Encrypt Data
Another significant difference between Polish and international companies is the proportion of cases where cybercriminals managed to encrypt data. In Poland, in 2023 it happened in half of the ransomware attacks. Globally, this ratio was significantly higher and stood at 70 percent. Global research showed a slight drop in this figure compared to 2022 (from 76 percent to 70 percent), but according to the experts, this is still a very high level.
– A lower percentage of data encryption cases in Poland could suggest better mechanisms for preventing full attacks or more effective threat detection and response systems. However, considering that even in half of the cases resources are encrypted, it is necessary to continue investing in defensive systems and data recovery strategies – emphasizes the Sophos expert.
How Much Time is Needed for Data Recovery After an Attack?
One of the indicators covered by Sophos’ research is the time needed for companies to recover data after an attack. Poland fares significantly better in this regard than the global average. Polish companies typically recover data within a week (24 percent), while globally, most firms (30 percent) take up to a month.
According to experts, the faster pace of data recovery may be due to the level of digitization in Polish companies. There are many small to medium-sized businesses in Poland, which use fewer digital solutions than large entities, thus store less data than larger companies. Therefore, their restoration after an attack takes less time than with corporations employing more staff.
How Much Do Companies Pay Cybercriminals?
Globally, the largest group, 33 percent of companies, paid between 1 and 5 million dollars to recover data after a ransomware attack. On the other hand, the majority of Polish entities paid the attackers below 100,000 złoty, which is significantly lower than the most common amount globally.
– Such a vast difference in the ransom amount may stem from the smaller number of large entities operating in Poland. Cybercriminals demand a different ransom amount from a company employing 20 people compared to a large firm with several thousand employees. However, it is worth emphasizing that paying a ransom does not guarantee the recovery of all data, and moreover, may incentivize cybercriminals for further attacks – underscores Chester Wisniewski.
Regardless of the differences in the scale of ransomware attack success in Poland and worldwide, they remain a serious threat. This requires constant attention and investment in security systems. Despite the lower percentage of companies in Poland that have been victims of ransomware, they cannot rest on their laurels. Primarily, they must continually improve the security of their data.
About the “Ransomware in Poland 2024” study
The “Ransomware in Poland 2024” study was conducted in April 2024 using the CAWI method by UCE RESEARCH for SOPHOS among 400 IT professionals.
About the “State of Ransomware 2024” report
The data from the “State of Ransomware 2024” report comes from a survey conducted among 5,000 cybersecurity leaders from January to February 2024. The respondents were from 14 countries from the Americas, Europe, Asia, and the Pacific region. The companies surveyed employed between 100 and 5,000 employees, and their annual revenues ranged from less than 10 million dollars to over 5 billion dollars.
Source: https://managerplus.pl/ataki-ransomware-w-polsce-mniej-powszechne-ale-wciaz-grozne-90402
