Editorial

UK businesses vulnerable as back-ups remain exposed to ransomware attacks

4 in 5 businesses says they have experienced at least one ransomware attack in the past year

Posted 9 September 2021 by Christine Horton


UK businesses are not sufficiently protecting the backups, or backup systems, they say would be critical to their recovery should a cyberattack occur.

That’s according to research from UK-based cybersecurity software vendor Osirium Technologies. The Osirium Ransomware Index, which surveyed 1,001 IT managers in the UK, found 80 percent of small businesses rely on backups as a plan of recovery should a cyberattack occur, with 63 percent of these using online backups as a preventative measure in avoiding data loss.

Overall, 4 in 5 businesses (79 percent) surveyed admitted that they have experienced at least one ransomware attack, with 68 percent of these stating the attack occurred in the past year.

But despite 98 percent of respondents saying they were aware that backups are a target of ransomware attacks, more than half (56 percent) do not keep offline backups and only 35 percent take extra precautions to protect access to backups and backup management systems. 

“Online backups are at significant risk because, in the event of a ransomware attack, the backup system faithfully takes copies of the infected data and thus renders the backups useless,” said David Guyatt, CEO at Osirium.

“A multi-layered approach to managing these systems is needed. Keeping offline backups is key but protecting access to the backup management system and related backup files is critical to prevent infection. Nearly three quarters (73 percent) of respondents stated that backups are a key element to recovery, so more attention need to be paid to protecting them.” 

Greatest ransomware concerns

The research also showed that more than half (58 percent) of UK businesses only feel ‘somewhat prepared’ for the eventuality of a ransomware attack. Alongside online backups (54 percent), training staff about ransomware (52 percent) and relying on hard drive/offline backups (50 percent) were the other methods most cited in preparing for a ransomware attack.   

If they were to fall victim to a ransomware attack, the main and immediate concerns for the IT managers surveyed would be backup failure (31 percent), data protection/GDPR breach (28 percent), sensitive and financial record breaches (27 percent) and overall costs to the business (27 percent). However, one in 10 also added they would also stress about the prospect of being fired