Sophos report shows two-thirds of Indian companies have been hit by ransomware

The Sophos report (opens in new tab), published on Wednesday, highlights the vulnerabilities of Indian businesses (opens in new tab). Not only have two-thirds of the companies have been targets of ransomware (opens in new tab), one-third have actually been hit twice.

Three percent of organisations of the world have spent $13.74 million (Rs 89.23 cr) to fix the havoc caused my ransomware on their systems. India, alone, is responsible for $ 1.17 (Rs 7.6 cr) of that expenditure, making India’s share the highest of the lot. 

Sophos polled over 2,700 IT decision-makers in mid-sized firms across 10 nations, including India. Other countries to be included were the US, Canada, Mexico, France, Germany, the UK, Australia, Japan and South Africa.

Why is this happening

Indian respondents claimed that these incidences took place despite the organisation running up-to-date endpoint protection in the event of a ransomware attack. According to the report and its data, this is mostly likely caused due to the fact that 70 percent of the companies did not employ any anti-exploit technology. This translates into the businesses becoming easy prey for complex threats and data breaches. 

Addressing the epidemic of unethical hackers Sunil Sharma, Managing Director Sales at Sophos India, stated, "We're aware of cybercriminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack." 

So basically, the methodology that they employ ensures to find at least one loophole in the system if the company’s cyber security isn’t iron proof. 

To make matters worse, according to Sharma, "Persistent cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access (opens in new tab) opportunity, infecting a server or disabling security software (opens in new tab).”

 How deep is the problem 

The overall picture that forms after analysing the report is that despite the intensity and magnitude of the problem caused by ransomware, businesses in India still have no concrete line of defense. 

What’s worse is that over 70 percent of IT-professionals when asked, were unable to determine correct definition of anti-exploit technology. This is extremely important since it plays a critical role in modern attack prevention. 

The global average of devices being infected per organisation with is around 46.09 percent but in India that average increases to 54 percent. The most vulnerable sector is the healthcare industry with a ransomware average of 76 percent.

What can be done?

Business that allow BYOD (bring your own device) and WYOD (wear your own device) at work should revise their security policies to address this unique situation (opens in new tab) that is, essentially, a trend on the rise. 

BYOD may make things easier for employees, but does increase the risk factor, which should be taken into account. Not only that, but employees should be informed about the vulnerabilities of technology and how to keep their own data safe.

Technology is already on the war path to address this problem and the nature of cybersecurity is continuously changing. Cloud computing (opens in new tab), the Internet of Things (IoT) (opens in new tab) and cryptocurrencies (opens in new tab) have all opened a whole new world of threats that need to be addressed. 

Prabhjote Gill is the Senior Journalist at Business Insider India. She covering everything space, tech and defence at Business Insider India. She is also in-charge of allocating stories to junior writers.