Business

Recently, from one of the companies, criminals demanded 900 thousand. ransom dollars. Polish business threatened with cyber attacks

30 percent Polish companies were dealing with a cyber attack. It is not known how many enterprises were victims of criminals. Losses around the world go into billions of dollars.

Recently, from one of the companies, criminals demanded 900 thousand. ransom dollars. Polish business threatened with cyber attacks
Recently, from one of the companies, criminals demanded 900 thousand. ransom dollars. Polish business threatened with cyber attacks
/ Shutterstock

January 2025 – Zakład Usług Komunalnych in Szczecin, Eurocert; March – hospital of the Ministry of Interior and Administration in Krakow, Smyk; April – Poviat Labor Office in Żory; June – Poznań Pathomorphology and Cytology studio; July – Herbapol, PWN; August 14 – Marma, film producer. These are just a few examples of companies, institutions and offices that have become the target of cyber attacks, and the public has been informed about them. The number of non -disclosed incidents is certainly much higher.

This week, the BBC Daily Business podcast channel published a podcast entitled “Is CyberCrime the Biggest Threat to Business”. The specialists in Cyber ​​security from around the world agree in affirmative – targeted attacks on companies, institutions and critical infrastructure become a scourge and a daily challenge for services and entrepreneurs. Only in the last few days criminals have broken into IT systems of a large telecommunications company COLT in London, to one of the companies of the Welcome Finance loan group in South Korea, to a company managing a network of oil pipelines and gas pipelines in Pakistan and to the producer of drugs in the USA. In each case, an attempt was made to take over the infrastructure and encrypt data to blackmail the victims and force the ransom to be paid for unlocking the systems.

Advertisement

According to the report “Economic effects of cyber attacks” prepared by the team of the main economist Velobank Global Losses for ransomware attacks on companies are estimated for 1-10 percent World GDP. The calculation of costs is difficult because the invoice includes a number of items: business break, restoration of production, expenditure on reproduction of infrastructure, often ransom. Added to this are indirect costs: image losses, loss of contracts, undermining reputation among clients, possible claims from those injured as a consequence of attacks. The IMF estimates direct losses at USD 28 billion.

There are no statistics for Poland, while the scale of damage caused by cyber criminals must be significant, because according to research, we are at the forefront when it comes to the recorded number of attacks aimed at business. According to Eurostat – quite historical, because of 2022 – it appears that as much as 30 percent. Polish companies employing over nine people have recorded such incidents.

“Polish enterprises report more incidents related to digital safety than the EU average, especially in terms of hardware and software failures. These incidents are much more common than in other EU countries, while other types of problems are at a similar level,” reads Velobank.

Hybrid war on NATO eastern flank

The most common incident in Poland and the EU was the failure of the hardware or software resulting in the lack of availability of ICT services. 27.4 percent domestic companies informed about such cases, while the EU average was 18.7 percent. Destruction or damage to data as a result of hardware or software failure is the second incident reported. In Poland, he affected 7.5 percent. companies compared to 3.9 percent in the EU. Slightly less than in the EU there were ransomware and DOS attacks – 2.9 percent reported them in Poland. companies, and in the EU 3.5 percent

Velobank analysts point out that the high percentage of companies reporting cyber security incidents also record other countries of the NATO eastern flank. The geographical location is the key to the answer to the question why Polish companies often experience cybernetic attacks. The ESET company reports that from the first half of 2025, Malware cases as much as 9 percent. was detected in Poland. More cases were recorded only in the USA and Turkey.

“Ukraine, Germany and France (7.5 percent each) also recorded high shares, which confirms that Central and Western Europe remain areas of intensive cybercriminitis. A total of 20 countries with the highest share were responsible for over 93 percent of global detecting, which indicates a strong concentration of threats in selected regions with a high degree of digitization, presence, presence, presence critical infrastructure or active involvement in armed and hybrid conflicts, “say the authors of the Velobank report.

Good place of Poland in cyber security rankings

It is courious that Poland is also relatively high in cyber security rankings. The MIT Technology Review magazine placed us in 6th place in Cyber ​​Defense Index 2022/23 – after Australia, the Netherlands, South Korea, the USA and Canada.

Velobank economists emphasize that “in the third place of South Korea and sixth place in Poland, geopolitics played in the ranking of points were played. Both countries were appreciated for effective repelling of attacks from neighboring countries – North Korea and Russia. Poland was appreciated, among others Cyberspace. “

The ITU International Telecommunications Organization in the report for 2024 includes Poland as a group of developing in terms of security ecosystem. We are here in the company of Israel. ITU points out the lack of sufficiently developed cyber security infrastructure – legal and regulatory.

Million cost of ransom

As mentioned, in Poland there is a lack of statistics regarding the losses that business suffers as a result of cyber attacks. Recently, we have such data on natural persons – the NBP has been published for a year – which showed a huge scale of damage caused by criminals. The annual cost of criminal activity exceeds PLN 0.5 billion. Individual, statistically, the losses are not high – the average is 8,000. zloty. It is similar with individual losses of companies. Velobank has attempted to estimate the average cost of the cybernetic incident in Poland, using the Statista data.

“The cost of cyber attack, destruction or loss of data amounted to PLN 32,000. This sum does not seem so high, but remember that this means that some companies have losses reaching a multiple of millions of zlotys,” the authors of the report conclude.

In the case of a recent attack on the Polish company, criminals were to demand 900 thousand. USD USD.

According to Sophos research, 42 percent The victims that paid the ransom transfer to cybercriminals to 100,000 PLN, 1/3 of companies are transferred to over 500,000 PLN, and 8 percent It pays even over PLN 5 million. 39 percent decided to pay the ransom. attacked companies. Unfortunately, nevertheless 6 percent. companies have lost all its data.

Policy from cyber attack. Only 14 percent have it. Polish companies

One way to protect yourself against losses caused by cyber attacks is to buy a policy. Only 14 percent are insured in Poland. companies, While in Denmark 71 percent, in Sweden 46 percent, and in Ireland 42 percent In France, the percentage of insured reaches 40 percent, and in Germany 32 percent There are, of course, countries where this percentage is even lower than in Poland. It is primarily Bulgaria, Lithuania, Hungary, Romania and other countries of our region of Europe, where only a few percent of companies use such insurance.


How to minimize the risk of cyber attack

  1. Investments in modern security technologies. New generation firewalls, XDR/ERD (Extended Detection and Response) class software, which supplements, and even replaces anti -virus software operating in the Expost mode on updated signatures of malicious software, detection and prevention systems (IDS/IPS) and tools for threat analysis (SIEM, SOAR, SOAR, or even platforms. AI-Driven to ensure the safety of operations supervised by SOC).
  2. Regular software update. The implementation of security corrections (patch management) eliminates software gaps
  3. Employee training. Regular training on identification of threats such as phishing and spear-dishing, which are the most common cause of ransomware infection.
  4. Data backup. According to the 3-2-1 principle, companies should have three copies of their data on two different media, with one copy stored outside the headquarters.
  5. Incident response plan. This plan should take into account the quick response, minimization of losses and communication both inside the company and outside, e.g. with regulators and clients.
  6. Access management. Limiting access to data and IT systems only to those who need it significantly reduces the risk of attacks
  7. Cybernetic insurance. The policy can cover some costs related to incidents such as data recovery, compensation for clients, as well as costs resulting from interruptions in operating activities
  8. Real time monitoring
  9. Audit and penetration tests. The implementation of the concept of IT projects in the SECURITYBYDESIGN model is also good practice. Already in the initial stages, it allows you to take into account the safety issues of implemented products, services or functions, and additionally imposes the obligation to carry out a positive penetration test of the solution before production startup
  10. Cooperation with regulatory bodies and the police. Companies should cooperate with domestic and international bodies such as CSIRT NASK, CSIRT KNF, Central Cybercrime Office

Scamming Out! 2.0

Banker.pli “Puls Biznesu” for the second time they initiated the action Scamming Out! -Information and educational campaign, aimed at increasing the interest of society and decision-making factors with a growing scale of threat from cyber-suses. We invite you to track the campaign on both websites and on the website dedicated to our campaign: scammingout.pl

Bankier.pl
Source:

Ashley Davis

I’m Ashley Davis as an editor, I’m committed to upholding the highest standards of integrity and accuracy in every piece we publish. My work is driven by curiosity, a passion for truth, and a belief that journalism plays a crucial role in shaping public discourse. I strive to tell stories that not only inform but also inspire action and conversation.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button