At this moment, thousands of small businesses in the U.S. are losing around $8,500 per hour of downtime due to ransomware, according to Aberdeen Group, or more than $75 billion per year. These cyber attacks literally hold data for ransom, and since organizations are only as strong as their data, ransomware can easily wipe out even the most stable of businesses in the blink of an eye. If that situation doesn’t earn a spot on your worst-case scenario list, consider that the cyber criminals perpetrating such attacks rarely suffer consequences, honing their craft while they bring businesses to the ground.
Today, the majority of ransomware attacks are conducted by large, sophisticated criminal organizations with massive reach. There are a wide variety of ransomware strains out there, each with unique properties and behaviors. However, many business owners underestimate the scale of the ransomware threat and are woefully unprepared to deal with an attack. To avoid an oversight that could kill your growing business, entrepreneurs need to get educated about today’s security threats and heed advice from the IT community and authorities.
When ransomware hits, small businesses suffer.
In a recent survey by Datto, more than 91 percent of IT service providers reported that their small business clients were victimized by ransomware in the past year; and 40 percent experienced six or more attacks in that same timeframe. With fewer resources on hand, smaller organizations are less prepared to withstand the downtime that typically follows a security incident than larger, more established businesses.
Although ransomware is a widely recognized threat, a lack of incident reports prevents federal agencies from fully investigating the issue. Last year, nearly 2,500 complaints about ransomware were registered with the FBI representing more than $1.6 million in damages alone. However, the true ransomware numbers are likely to be far higher, as Datto’s survey showed that less than one in four ransomware incidents are actually reported to authorities.
Three priorities can save your business: education, security and data protection.
Ransom demands are typically fairly low, typically between $500 and $2000 -- but that’s only a small fraction of what a business stands to lose in an attack. It’s the revenue lost during the incident’s downtime that follows that can be devastating. For example, 63 percent of respondents to the survey said that ransomware attacks led to “business-threatening” downtime among their clients. This is because ransomware can completely halt business operations by denying access to critical data.
Protecting against ransomware requires a three-tiered approach comprising education, IT security and data protection. Ransomware is typically spread using emails designed to trick victims into opening attachments or links that install the malware on systems. In fact, Datto’s survey showed that phishing emails and lack of employee training are the top causes of ransomware infection. So, education for employees, partners, customers and the general IT community can go a long way in protecting businesses. However, attackers are constantly using (and improving) social engineering techniques, which enable their strains of malware to remain effective. That’s why a robust IT security strategy and up-to-date technologies are essential. Both endpoint and perimeter security solutions exist that target malware and mitigate the attack based on white and blacklists of viruses. However, driven by financial gain, ransomware is constantly being engineered to avoid detection by these reactive solutions.
Given the scale of the ransomware epidemic, the time has come to take a much more proactive approach to protection. Ensuring that your business data and systems are backed up regularly and restorable immediately is fast becoming the primary way businesses protect themselves from these attacks (and from any other unforeseen situation, such as accidental data deletion). In this way, it really doesn’t matter how and how often your business is targeted. Data is restored in seconds, business is uninterrupted -- and no ransom is ever paid.
Ransomware’s popularity doesn’t appear to be waning. Ninety-five percent of respondents to Datto’s survey said that ransomware attacks are becoming more frequent, while 97 percent predicted that attacks would continue to increase over the next two years. In other words, the time is now to protect your business against cyber extortion -- waiting might just lead to your worst-case startup scenario coming true.