Ransomware attacks hit Small Businesses the Hardest

Datto Incorporated, an American cybersecurity and data backup company, has announced new findings from their third annual Global State of the Channel Ransomware Report, which found that ransomware continues to be the leading cyber-attack experienced by small-to-medium sized businesses. Ransomware is a kind of malware that threatens to make businesses data inaccessible until the ransom is paid. This report surveyed 2,400 managed service providers that provide IT support for nearly half a million small-to-medium businesses. The survey listed many negative impacts these attacks can have on a business. The lists included

  • The average ransomware attack is about 10 times costlier to a business than the ransom itself. On average these attacks can cost a business’s $46,800 and the ransoms averaging to $4,300 per attack.
  • 92 % or managed service providers predict that the number of attacks will continue at current rates or increase. More than 55% of managed service providers stated that their clients experience a ransomware attack in the first six months of 2018, and 35% said that their clients were attacked multiple times a day.
  • MSPs reported that about 85% or ransomware victims had anti-virus software installed. 65% of reported victims had email/spam filters installed and 29% had pop-up blockers.
  • Ransomware attacks on macOS and iOS platforms have increased five-fold.

One of the biggest reasons for ransomware attacks is CEO’s who are not willing to invest in protection. Michael Drake the CEO of masterIT, an MSP in Memphis Tennessee, says that many CEO’s think that they don’t have anything the hackers want so to them it isn’t worth the price. The report also stated that many attacks are unreported, the survey found that 25% of ransomware attacks are reported to authorities. Companies can take to strengthen their IT protection and prevent future attacks. Two of the most prominent ways for businesses to protect themselves is:

  • BCDR or business continuity and disaster recovery technology is the most effective: the report stated that 90% of clients with BCDR fully recovered in 24 hours. Additionally, businesses should create a response plan that includes detection, communication, cause assessment, recovery, and prevention.
  • Additional training for employees can help employees stay vigilant. Many ransomware breaches are successful through phishing (fake emails), malicious websites, web ads, clickbait etc.

The lessons that can be taken from this report is that the long-term investments will pay out in the future. If business owners only see from a short-term perspective i.e. cost of protection, the consequences will be catastrophic and damaging. Stealing has evolved over the years to become sophisticated and instantaneous. In the same vein much like how a business would lock up their building to prevent theft, a business needs to have proper IT protection to lock up their information.