Friday, 21st September 2018

Ransomware costs European SMBs ?71 million in downtime

Datto has released its European ‘State of the channel Ransomware Report’. With responses gathered from Datto’s channel partner community of 150 Managed Service Providers (MSPs) serving more than one million small- and medium-sized businesses (SMBs) across Europe, the report reveals the current levels of understanding around ransomware and the frequency of attacks.

The report's key findings include:
  • Between 2016 and 2017, ransomware cost European SMBs ?71 million in downtime
  • The cost of paying ransoms is still seen as the least bad option to downtime for some, with 21 percent of SMBs handing over cash. However, of those that pay, 18 percent still don’t regain access to data
  • The average ransom request was between ?350 and ?1407
  • Eleven percent of MSPs reported that a ransomware virus remained on a SMB’s system after the first attack and struck again at a later time
  • Despite ransomware attacks’ increasing frequency, reporting figures remain low – fewer than 33 percent are disclosed to authorities. This could be due to SMBs unwillingness to reveal that they’ve fallen victim
  • A lack of cybersecurity training (45 percent) and phishing emails (42 percent) are cited as the leading causes of ransomware attacks
  • 94 percent of reported attacks happened despite anti-virus software being present
  • 54 percent of MSPs reported that SMB clients without a reliable backup and disaster recovery solution (BDR) couldn’t make a full recovery after an attack, 93 percent revealed that those that had one in place were able to.
Mark Banfield, SVP at Datto, provides the following comments on the report:
“The impact of ransomware can be threefold. The combined cost of the ransom, downtime and any reputation damage suffered can have a potentially business-threatening effect on a SMB, so there needs be a greater understanding around it. This can be helped by encouraging victims to report attacks. Providing authorities with real-life data that can be used to improve general awareness, prevention, detection and prosecution of perpetrators.
“It’s also alarming that a lack of cybersecurity training is cited as a reason for ransomware’s growing effectiveness. Many SMBs take their chances by not even providing basic training, but this simply increases the chances of phishing emails and other social engineering attacks being successful. Businesses must teach employees to identify the red flags.
“Defending against ransomware requires a multi-layered cybersecurity strategy. No single defence is enough – as proven by the number of attacks despite antivirus being in place. Cybersecurity training needs to be combined with malware blockers and detectors, with a reliable BDR providing the last line of defence. When SMBs take regular snapshots of networks, they are able to simply spin up systems from a healthy point should a ransomware attack take hold. Critically, this mitigates having to pay the ransom and the downtime suffered from not having access to critical data.”
ManageEngine, the real-time IT management company, is launching Browser Security Plus, a browser ma...
Industry veteran Roy Pickard has joined Flashpoint as channel sales manager for Europe, the Middle...
Exabeam and SecureAuth + Core Security have formed a collaborative relationship to secure enterpris...
Thycotic has released the findings from its 2018 Black Hat conducted survey of more than 300 hackers...
Tenable's  research team has discovered a zero-day vulnerability which would allow cybercriminals to...
Organisations say protecting client information is the highest priority.
Banca di San Marino safeguards its private and corporate banking operations with Juniper Networks’...
Through ongoing integration development with RapidFire Tools, Kaseya also announces Kaseya Complian...