Ransomware and the SMB
Updated: Apr 13, 2018
The proliferation and growth of Ransomware over the past few years has been one of the most notable stories in IT, particularly as it pertains to small and mid-sized firms (SMB's). As long as there are good guys creating IT systems to help companies be better, there will always be bad guys out there trying to exploit these IT systems in some way for their own interest. That's been the case throughout time and certainly way before computers and IT were invented and used for business. No matter what happens, there will always be good actors and bad actors, and they will always try to "one-up" each other. Such is the story of ransomware and the IT world.
All forms of malware (of which ransomware is a part of) are meant to be on the scale from annoying at one end to destructive and obstructionist at the other. Personally, I've never understood the motivations of those that create and try to exploit others in this way, but no matter what I think, it's the reality of the world we live in today. Unfortunately, it's become the "new normal." A reality we all have to deal with. The simplicity of ransomware is that someone is holding your data for "ransom"; that is until you pay to get access to your own data back. That is what it boils down to.
No company is immune to ransomware. Some industries might have more of a proclivity to malware/ransomware attacks, but in the end, no one is safe. Larger organizations tend to have better posture and protection against it, generally, because they tend to spend more money on IT and IT security; though not always the case. We've seen many larger organizations that have been hit with ransomware as of late, and these are firms that you would think would be immune and protected against it, based on who they are. Again, not always true.
New strains of ransomware continue to be created and released out into the wild daily. Moreover, as I mentioned above, no industry is safe from attacks. No customer size is safe. No operating system, cloud service, or device is safe. As I mentioned above in my first paragraph about good actors and bad actors, SaaS services such as Dropbox, Office 365 and G-Suite are becoming most at risk. How does that play into my analogy above? Well firms (the good guys) create these SaaS offerings to make the lives of people easier in how they do IT and run their businesses, and they bring tremendous benefits and are growing in adoption. Precisely because of this, and SaaS wide adoption, others (the bad guys) are increasingly focused on exploiting these SaaS solutions and the users of them. SMB's are very much a target today.
Currently, only around 38% of SMB's are concerned about ransomware. Most figure that it can never happen to me, it only happens to others, to larger companies. That is very much a false sense of security. It can and does happen to SMB's, and is a real threat to all organizations. Firms (no matter their size) can't put their head in the sand and decide to ignore the warnings of ransomware. Have I scared you bit? The intent is to get you thinking to realize it can happen to all of us.
Let me share some of the statistics that I've found to continue to reinforce what I've been talking about in my article:
As I mentioned above (and feel is important to point out again), only 38% of SMB's are concerned about ransomware. Think about that. Only about one-third of SMB firms are worried about it, even after all you see and read about on the news. BTW, that means that two-thirds of SMB's aren't concerned
About 5% of all SMB's have fallen victim to ransomware attacks. Surely, expect that number to rise as SMB's continue to be exploited
Around 67% of ransomware attacks target SMB firms
About 96% of ransomware attacks cause firms to lose their data for more than one day
Of those SMB's infected with ransomware, about 35% will pay the ransom, and about one third will not report it to authorities
Of those that pay the ransom, about 15% never recover their data. So even if they pay up, they still won't get their data back
47% of ransomware attacks demand a fee of between $500 and $2000. So they aren't asking for much money, probably so firms will not get the authorities involved
Ransomware viruses remain in a firms systems after an initial attack, that number is about 30%, so that firms can be attacked again, even after a ransom is paid
The leading cause of ransomware infections for SMB's? Lack of cybersecurity. Firms aren't educated enough to be sure what ransomware is, how it can affect them, and what to do about it
The driving force behind these attacks is money. That's what the bad actors want. In most cases, they don't ask for much money. We've seen within large firms (multi-billion dollar firms) where they only ask for a few thousand dollars. I believe they ask for smaller amounts so companies do not want to get authorities involved. Sometimes it might be easier to pay than to risk the embarrassment of the ransomware attack getting out in the public eye.
What are the issues that a ransomware attack causes to an infected firm? Access to data and your systems. Without that, business can come to a halt. The statistic I mentioned above is important: 96% of ransomware attacks cause firms to lose their data for longer than one day. What about the other implications of a ransomware attack? What if your customers find out that you had a ransomware attack and had trouble recovering, or couldn't recover, from the attack? What does that do to your reputation with your customers? Might they start thinking, if they can't protect their data and environment, how can they work with me and service me safely? It's a genuine concern.
What can be done?
Protecting from ransomware requires a multi-layered approach, not just a single solution. It starts with a good and reliable backup strategy and data recovery solution (BDR). With a stable BDR solution in place, the good news is 96% of SMB's can fully recover from a ransomware attack. Take a strong BDR solution, couple that with a suite of other security tools that can prevent an intrusion, provide predictive behavior (so when something happens, it triggers an automatic response), automatically update and give you visibility into your environment to monitor and manage your security, and you have a strong protection plan. Sound like something only for large companies? Use to be, but now there are many firms creating solutions specifically for small and mid-sized firms. By design, they are very cost effective, easy to use, and easy to set up and implement.
So don't discount the importance of what a ransomware attack can mean to you and your business, as it's a genuine threat and will continue to grow. You want to focus on running and growing your business, but don't overlook how it needs to be protected. Data security and protection from ransomware are not a "nice to have" today, but a necessity.
Investigate the solutions that are available and, if needed, engage one of your trusted partners to help guide you. Vicom, for example, has a Data Protection offering that is specifically for SBM's. However, whatever you do, don't be one of that 38% of SMB's that believe that ransomware can't happen to you. The chances are that someday, it will.