87% of SMEs would consider paying cyber criminals during ransomware extortion

As confidence in cyber security has grown among organisations, so have the tactics of bad actors and cyber criminals. A new report by ESET has revealed that Australian SMEs have the digital bullseye on them, with 60 per cent of them being targets for breach attempts or cyber security incidents over the past 12 months.

The spotlight has seemingly shifted from larger enterprises to smaller and more vulnerable businesses as the cyber security preventing such attacks may not be up to scratch. Respondents in the report agreed with this notion, with 76 per cent agreeing that smaller-sized businesses were more vulnerable to cyber attacks.

“Our report reveals that although SMEs are confident in their security measures and IT expertise, the majority still faced cyber security incidents over the past year. They feel more vulnerable compared to larger enterprises, underscoring the critical need for SMEs to enhance their security posture,” said Parvinder Walia, president of Asia-Pacific and Japan (APJ) for ESET.

Emerging as the top concerns for Aussie SMEs were email phishing and ransomware, with 72 per cent concerned about these threats, and an alarming amount even considering paying in the event of a ransomware.

“It is crucial for [SMEs] to understand that paying cyber criminals only perpetuates further cyber crime. Instead, they should focus on implementing proactive measures to prevent cyber attack,” said Walia.

It’s a dangerous game to play when paying in the event of ransomware, yet it’s understandable that some critical thinking would dissipate when put in a position of desperation and urgency to protect your business.

Oftentimes, paying ransomware doesn’t guarantee that the data will be recovered, and in some cases, businesses may actually be breaching Australian sanction laws, Commonwealth laws, and state laws by negotiating with the bad actors.

Instead of falling into this trap, immediately contacting trusted authorities should be the routine action.

The report revealed some of the potential safeguards that Aussie SMEs can deploy to dispel cyber crime from threatening their organisation.

• Increased investment in cyber security: Forty-two per cent anticipate a rise in cyber security spending over the next 12 months, with 18 per cent of these firms expecting to do so by more than 80 per cent. In contrast, firms in Japan and India exhibit a more aggressive approach, showing a stronger inclination towards increased cyber security expenditure.
• Potential third-party outsourcing: Thirty-six per cent of SMEs currently outsource a portion of their cyber security responsibilities to a third-party service provider, while 24 per cent manage cyber security in-house and do not plan to outsource. Looking ahead, 19 per cent intend to outsource some or all aspects of cyber security within the next 12 months.

This article was originally featured in Broker Daily's sister brand, HR Leader.