Ransomware Remains Biggest Cyber Threat To SMBs, Warns Datto

American cybersecurity and data backup Datto has warned that the biggest threat to small-to-medium-sized businesses (SMBs) is ransomware.

Its fourth annual Global State of the Channel Ransomware report surveyed more than 1,400 managed service providers (MSPs), and found that SMBs have become a prime target for ransomware criminals.

Earlier this week global technology firm Pitney Bowes became the latest in a very long line of companies, utilities, hospitals and cities and states to hit by the digital scourge.

Ransomware threat

The Datto report found that ransomware attacks are pervasive, and the number of ransomware attacks against SMBs is on the rise.

It found for example that eighty-five percent of MSPs reported attacks against SMBs over the last two years, compared to 79 percent of MSPs who reported the same in 2018.

And it is getting worse, as the survey also found that in the first half of 2019 alone, 56 percent of MSPs reported attacks against SMB clients.

But the report warned that a disconnect exists on the significance of ransomware as a threat. Eighty-nine percent of MSPs report that SMBs should be very concerned about the threat of ransomware. However, only 28 percent of MSPs report SMBs are very concerned about the threat.

This is despite the fact that the cost of ransomware is significant.

Sixty-four percent of MSPs report experiencing a loss of business productivity for their SMB clients while 45 percent report business-threatening downtime.

The average cost of that downtime is $141,000, a more than 200 percent increase over last year’s average downtime cost of $46,800.

The report also uncovered that the cost of downtime is now 23 times greater than the average ransom request of $5,900.

Protect now

Organisations can protect themselves can taking basic security steps and ensuring a rigorous backup regime is in place.

“MSPs need to set the tone for their SMB customers when it comes to preparing for and responding to ransomware attacks,” said Ryan Weeks, chief information security officer at Datto. “They need to protect themselves first by improving their organisation’s cyber hygiene in order to keep their clients safe. MSPs must adopt 2FA universally for any technology they use to service clients, as well as their own business.”

Security experts meanwhile agreed that SMB’s need to up their game when it comes to protecting themselves.

“SMBs will remain the target of ransomware until they up their game and start testing their backups,” said Jake Moore, cyber security specialist at ESET. “It’s not just the big players that are targeted with this malware, as smaller firms can sometimes forget about security procedures if they do not have designated IT staff.”

“Without the correct staff in place with an understanding of current cyber risks, such firms will sadly continue to fall for this simple attack, and some will even have pay the ransom,” Moore warned.

“Patching and protecting networks is always preferable to paying, so I strongly recommend offsite backups and continual staff awareness,” Moore added. “This doesn’t have to be expensive nor does it take out much time from day to day duties. Testing the restoration of backups is essential in simulating an attack. Many firms who test in a simulated environment say that if they are targeted, they are more likely to be back online with business as usual in a quicker time frame.”

Earlier this month the FBI issued a ‘public service announcement’ that warned about high impact ransomware, and advised against businesses paying the criminals, as there was no guarantee they will regain access to their locked data.

Do you know all about security? Try our quiz!