According to a survey despite the intensity and magnitude of attacks, Indian businesses are still not prepared to defend themselves against determined attackers
According to a survey conducted by network security firm Sophos, around 67 per cent of Indian organisations were hit by ransomware, and 38 per cent twice. Indian organisations paid a median cost of $1.17 million to rectify the effects of ransomware.
The survey, conducted in October and November 2017, covered 300 businesses in India in Delhi, Mumbai, Bengaluru, Hyderabad, Kolkata, and Chennai.
Overall, the survey polled more than 2,700 information technology (IT) decision-makers in mid-sized businesses in 10 countries - the US, Canada, Mexico, France, Germany, the UK, Australia, Japan, South Africa and India.
The survey concludes that despite the intensity and magnitude of attacks, Indian businesses are still not prepared to defend themselves against determined attackers.
“Ransomware can strike - again and again - to the same organisation.
"We are aware of cybercriminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack,” said Sunil Sharma, managing director, sales, at Sophos India and the South Asian Association for Regional Cooperation (SAARC).
According to those affected by ransomware last year, the median total cost of a ransomware attack was $133,000.
The median total cost for Indian organisations stood at $1.17 million, for rectifying the effects of ransomware.
This extends beyond any ransom demanded, and includes downtime, manpower, device cost, network cost, and lost opportunities.
The attack methodology combined with the growth in ransomware-as-a-service and anticipation of more complex threats along with the resurgence of worms like WannaCry and NotPetya puts businesses in serious need of a security makeover, the survey said.
“In fact, more than 90 per cent of Indian IT decision makers surveyed affected by ransomware were running up to date endpoint protection, confirming that traditional endpoint security is no longer enough to protect against today’s ransomware attacks,” it added.
Photograph: Kacper Pempel/Reuters