While most of the cases are connected with fraudulent e-mails and phishing e-mails, 14 percent of businesses have come into contact with malware, botnet or virus related attacks.

Margus Danil, head of data centers and security solutions at Telia Eesti, said that of the businesses interviewed, 9 percent fell victim to attacks related to malware or botnets and 5 percent came into contact with a virus causing direct damage. Such cases may have meant hours or even days lost for the business until their normal working regime was restored.  

"We can see that ransomware attacks are on a growth trend, where leaked usernames or passwords are used and people's accounts are hijacked to get access to a business' information system. In addition, also so-called DDoS attacks have become more frequent, where servers are flooded with fake queries, as a result of which the service becomes inaccessible for the clients of the company," Danil said. 

Meanwhile, only one-third of the companies interviewed considered it likely that a situation of danger may occur in the next 12 months. 

Companies that have come into contact with cyber threats are 65 percent more likely to believe that such a situation may occur also in the future. The survey also revealed a connection between the level of IT security at a company and general perception of risk, as the better a company has protected themselves against risks, the more likely they consider the prospect of the emergence of a situation of danger to be in the future.

"Often risks are not acknowledged before something really happens," Danil said.

Respondents were also offered the possibility to say what should be done to increase the level of cybersecurity at their company.

"What came out was that many companies continue to have no understanding of how well or not well they are actually protected against potential threats. Businesses expect support from the state and need training for employees. From service providers the offering of more affordable security solutions and support services is expected foremost," Danil said, adding that the reason cited most often for not raising the level of security was that in the company's view the threats were not big enough, there was no money for that in the budget, or they simply hadn't found time to address the matter. 

The poll was taken by conducting online interviews at the end of October and in early November with 300 people responsible for cybersecurity at their company. The companies in the sample were divided into three groups: companies with 5-19 employees, companies with 20-49 employees, and companies with 50 and more employees.

--

Follow ERR News on Facebook and Twitter and never miss an update!