Thursday, 3rd December 2020

Ransomware is SME's most significant risk

Anti-virus software fails to protect against increasing attacks resulting in high downtime costs.

Datto has published the findings of its third annual Global State of the Channel Ransomware Report, which found that ransomware, a kind of malicious software that threatens to make business data inaccessible until a ransom is paid, continues to be the leading cyber-attack experienced by small-to-medium sized businesses (SMBs) over viruses and spyware. The report surveyed 2,400 managed service providers (MSPs) that support the IT needs of nearly half a million SMBs around the globe. The survey also revealed the powerful impact these attacks have on businesses, including that:
 
  • Revenue lost to downtime can cripple a small business: The average attack is 10 times more costly to the business than the ransom itself, with attacks costing a business  $46,800 on average and the ransom requested averaging $4,300 per attack.
 
  • Attacks are frequent and expected to increase: More than 55% of MSPs stated their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times in the same day. Ninety-two percent of MSPs predict the number of attacks will continue at current or increased rates.
 
  • Antivirus software solutions are ineffective: 85% of MSPs reported that ransomware victims had antivirus software installed, 65% reported victims had email/spam filters installed, and 29% reported victims had had pop-up blockers, which failed to block ransomware attacks.
 
  • Businesses using Apple operating systems can be vulnerable: There was a fivefold increase in the number of MSPs reporting ransomware attacks on macOS and iOS platforms over the last year.
 
“The number one threat for small business CEOs is thinking they are immune to ransomware attacks,” said Michael Drake, CEO, masterIT, an MSP in Memphis, Tennessee who has helped clients recover from ransomware attacks. “They think they don’t have anything the hackers want, so it’s not worth the price to protect themselves. When something happens, they’re shocked by the cost to get everything back up and running. It’s mind-blowing.”
 
While the report findings alone are alarming, most businesses don’t report attacks. The survey found that less than one in four ransomware attacks are reported to the authorities.
 
“In the past five months alone, we’ve been contacted by companies we don’t currently work with for immediate support involving ransomware attacks,” said Jeff Howard, Founder and Owner, Networking Results, a Dallas and Fort Worth IT services and solutions provider. “Not only have ransomware attacks increased in recent years, but the problem may even be bigger than we know, as many attacks go unreported. While we encourage every victim to notify all relevant parties -- including their attorneys, insurance providers, FBI, etc. -- not all are quick to follow that counsel.”
 
“It’s time to think differently--businesses large and small, should plan for a ransomware attack. That way they are equipped to respond when it happens,” said Ryan Weeks, Chief Information Security Officer at Datto. “There are immediate steps that companies can and should take to increase IT resilience and prevent against future attacks. Integral to those steps include end-user training, endpoint protection, and an intelligent backup.”
 
When it comes to protecting small and medium-sized businesses, the report also found:
 
  • Business continuity and disaster recovery (BCDR) technology is deemed the single most effective method for ransomware protection: 90% of MSPs report clients fully recovered from an attack within 24 hours. In addition to BCDR technology, SMBs should work with their MSP to create a ransomware response plan that includes detection, communication, cause assessment, recovery, and prevention.
  • Employees need training and education to be the front line of defense: Many ransomware breaches are successful due to phishing attacks, malicious websites, web ads, and clickbait directed at small businesses. Ongoing training for employees to help them remain vigilant is a best practice for small businesses.

Palo Alto Networks has introduced what it says is the industry’s first 5G-native security offering,...
Sophos has published the Sophos 2021 Threat Report, which flags how ransomware and fast-changing att...
Acronis has acquired CyberLynx, a leading Israel-based cybersecurity consultancy firm with a presenc...
Research uncovers critical cybersecurity and compliance risks.
Advanced ransomware recovery enhancements and technology integrations bring ability to identify, res...
Nearly half (49%) of organizations plan to extend Cognitive and AI capabilities for security to dete...
McAfee has launched MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISI...
Latest addition to Cloud One platform is ideal for those migrating their servers to the cloud.