If you think that only big businesses are at risk of ransomware attacks, think again. Small- and mid-size businesses (SMBs) paid ransomware hackers more than US$301 million last year. While high-profile hacker attacks like the one at Equifax might get all the media attention, the reality is that it’s actually much more effective – and lucrative – for hackers to prey on SMBs, many of whom do not have any ransomware protection.
That’s the big takeaway from a major new report from Connecticut-based Datto, a business continuity service provider that recently surveyed more than 1,700 managed services providers (MSPs) who worked with more than 100,000 SMBs around the world to get a current look at how ransomware is impacting businesses. The report, State of the Channel Ransomware Report, found that 99 percent of the MSPs surveyed predicted an uptick in ransomware attacks in 2017 and into 2018.
In case you have not heard, ransomware is a malware attack which prevents access to your data by infecting your systems and encrypting your files. The attacker thus holds your data in ransom until a sum of money is paid.
Lack of ransomware protection puts SMBs at risk
The problem, quite simply, is that small businesses are not prepared for ransomware attacks like the WannaCry virus, and have not put in place the appropriate ransomware protection to harden their security defenses. As Robert Gibbons, CTO of Datto, points out, “SMBs often don’t have dedicated cybersecurity resources in place to begin with and their overall knowledge of cybersecurity is not often as sophisticated compared to larger organizations.”
Add in the fact that attackers often adopt a “spray and pray” strategy, in which they hit hundreds, if not thousands, of businesses at one time, and you have all the right conditions for a growing ransomware epidemic among SMBs. According to Datto’s estimates, nearly 1 in 20 of all SMBs worldwide have already grappled with the problem of ransomware.
To give you an idea of just how widespread these attacks are – and how crippling they can be for SMBs unprepared for this threat – 1 in 3 MSPs surveyed by Datto report that the ransomware encrypted the SMB’s backup. This means that the SMB is not able to recover from the attack by restoring the backup and discarding the ransomed files. Thus, what should have been a second line of defense – the backup – is no longer an option. Unless the backup is properly secured and preferably in a “remote” location like the Datto Cloud.
According to Datto, it’s not just the loss of data that poses a problem for unprotected businesses – it’s also all the downtime for a business as it attempts to piece together any data that might have been compromised. “The impact of downtime affects SMBs far more than the cost of ransom requests. Seventy-five percent of MSPs reported having clients who experienced business-threatening downtime as a result of a ransomware attack,” says Gibbons.
SMBs need to step up their game
Given both the scope and scale of the ransomware attacks being carried out by hackers worldwide, it’s clear that small- and mid-sized businesses need to step up their game when it comes to ransomware protection. It all starts, says Gibbons, with creating a strong perimeter defense and backing up their data and applications frequently. “First of all, it is essential that SMBs have the right combination of security solutions including backup. SMBs need protection on the frontlines including anti-virus software, email/spam filters, and ad blockers. t’s also crucial that these companies regularly update their various applications – something that often gets overlooked.”
That’s just the start of how SMBs need to harden their defenses against a ransomware attack. According to Gibbons, “Businesses need to have a backup and disaster recovery solution in place in the event that a ransomware attack happens. With a BDR solution, it can take a mere few minutes to roll back to a point in time before the attack hit and fully recover.”
Having a BDR solution in place means that, even if a company’s data has been compromised, it doesn’t have to pay the ransom. Right now, thirty-five percent of MSPs reported small business victims pay the ransom, 15 percent of whom do not recover their data. Those numbers can be lowered significantly if there’s a workable BDR solution in place.
“One piece of advice is to have a proper backup and disaster recovery solution in place because it means that if a ransomware attack does happen, the business does not need to pay the ransom – they can rely on the most recent backup and restore their data from that point,” says Gibbons. Another piece of advice for SMBs is to consider hiring a Managed Service Provider (MSP) because these MSPs are extremely familiar with cybersecurity threats such as ransomware.
Ransomware protection must extend beyond organization’s perimeters
Ransomware attacks are getting more sophisticated as well. The Datto report found that 26 percent of cloud-based applications – including apps that are hugely popular with SMBs such as Dropbox – might be at risk of a ransomware infecting attack. And the report also found that attacks are happening via devices – such as tablets used by workers outside of the office – that have little or no security protection.
It’s time for companies to understand how much of their business runs in the cloud, and how any cloud-based apps or cloud-based systems might be at risk of a ransomware attack. Keep in mind – advertisements for cloud-based apps that you see on the Internet or on TV never mention the security risks entailed or the need for ransomware protection from malware.
But that might be setting up SMBs for a false sense of security, says Gibbons. “Data stored in SaaS-based applications is not immune. Cloud apps such as Dropbox and Office 365 are hit with ransomware attacks and these are applications commonly used by SMBs. There is no single solution that can guarantee protection from a ransomware attack.”
And that might be the biggest single takeaway from the new Datto report: ransomware attacks are becoming so widespread and so sophisticated that companies need to take a multi-layered approach. This approach needs to include plenty of cybersecurity training for front-line employees.
“A multilayered approach is highly recommended, which includes anti-virus software, email and spam filters, updating and patching applications, ad and pop up blockers and cybersecurity training for employees,” notes Gibbons. “Cybersecurity training is perhaps the most overlooked and something that should be implemented by SMBs and enterprises alike.”
The good news is that, with proper training and the right ransomware protection in place, most ransomware attacks can be prevented. At some point, hackers will realize that trying to exploit a company’s defenses simply isn’t worth their time and effort.