A lot has been written about the WannaCry ransomware attack that spread through the globe beginning on May 12 of this year. Perhaps due to the clever branding of the malware, the reaction to WannaCry has been remarkable. Companies from help desk ticketing vendors to log management software developers have personally called me attempting to sell me their product or service on the basis of its ability to stop ransomware like WannaCry. I can only assume that these sales teams, armed with scripts and little actual knowledge of WannaCry or ransomware in general, have been effective in executing this scare tactic approach, otherwise I wouldn’t keep seeing it. Time to set the record straight.
In 2016, the Ponemon Institute completed a study on the “State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” The study had many interesting findings, with highlights including:
- 55% of small & medium business suffered a cyber-attack in the past 12 months
- 50 % reported data breaches involving customer & employee information in the last 12 months
- 3 out of 4 reported that exploits have evaded their anti-virus solutions
The results align with what we see every day with clients that call us for incident response and recovery services: