On top of that, 40% of those professionals that use the workplace software say they have no recovery plan if any data is compromised in a ransomware attack. Ransomware attacks are a growing threat, and that’s been common knowledge in the tech community for several years now, with 70% of the biggest reported cyber attacks in the last year being ransomware, and 82% of ransomware attacks aimed at small businesses specifically.

Nearly One in Five IT Pros Overall Have No Recovery Plan

The report, out from security firm Hornetsecurity, drew on a survey of more than 2,000 IT leaders. Oddly, the research even shows that the number of IT pros without a data recovery plan in the event of a ransomware attack has risen since last year, even though the possibility of an attack has grown as well. In 2021, 16% of the survey’s respondents said they had no disaster recovery plan in place, a statistic that grew to reach 19% in 2022. That same stat grows to 40% when only looking at IT pros who work within Microsoft 365. But ransomware can sneak into a system in plenty of ways, and Microsoft 365 isn’t the only vulnerable system around.

What Are the Biggest Threats to Business Security?

Hornetsecurity found a laundry list of ways that both successful and failed ransomware attacks have been attempted across the past 12 months. Hackers always target the weak link in a security system, and that link is often an employee who are willing to download a file from a malicious email. Other ransomware attack problem areas include: ‘compromised endpoints’ (16.4%), ‘poor perimeter security’ (7.7%), ‘social engineering’ (7.2%), and ‘exploits (zero-day or other)’ (6.4%).

How to Stay Safe Online

End-user training can help employees learn what red flags will help to highlight a phishing email before it’s too late. But this training should be supplimented with software designed to flag potential threats and point them out to employees — it’s easy to slip into a less cautious state when you’re fielding dozens of emails every day. We’d recommend a good password management tool: Many of the top choices will flag suspect website logins, making them a great layer of security for dodging a phishing attempt.