Small Businesses at Risk from Ransomware

While ransomware operators are increasingly demanding hefty ransoms from multinationals, it’s small and medium-sized businesses that bear the brunt.

A recent report found that 85% of managed service providers have reported attacks against small and medium-sized businesses (SMBs). Worryingly, only 28% of SMBs see ransomware as a threat. The report, from cybersecurity software company Webroot, also found that 64% of businesses attacked suffered downtime as they rushed to get backups restored. The average cost of this downtime was $141,000, while the average ransom demand was $6,000.

Another report, conducted by cybersecurity company Cymulate back in September of this year, found that 28% of respondents, drawn from IT, cybersecurity and leadership roles, had been targeted by ransomware at their organisation. A silver lining is that a majority of respondents took measures to stop the attack before it could do significant damage, with most not even suffering any downtime. Additionally, 85% of respondents are adopting offensive cybersecurity solutions, 70% report increased awareness of ransomware at higher levels of their organisations, and more money is being budgeted to protect against the threat of ransomware.

Just because cybercriminals are increasingly targeting big business and demanding huge ransoms – the largest pay-out is believed to be $40 million – that doesn’t mean small and medium-sized businesses aren’t at risk. At a US Senate Judiciary Committee hearing in July this year, the chair, Senator Durbin, pointed out that small businesses make up more than half of ransomware victims. He commented: “Ransomware does not just affect the deeper pockets of large companies like Colonial Pipeline and JBS… Small businesses already operate on thin margins, and many have been pushed to the brink by the pandemic”.

There are a number of steps small and medium-sized businesses can take to protect themselves against ransomware. Firstly, always make sure your operating system is up to date, and that the latest security updates are installed. The fewer vulnerabilities there are to exploit, the less at risk your business is. The WannaCry ransomware attack back in 2017 famously succeeded because NHS trusts were using Windows XP, after Microsoft had ceased providing security updates. Secondly, never click on a link in an email unless you are certain it’s safe – and teach staff this, too. Thirdly, always make sure you have your data backed up, including one copy off-site.