The real cost of ransomware: Protect yourself from cyberattack fallout

Ransomware remains the most common malware threat to small and medium-sized enterprises (SMEs). In the first half of last year alone, 61% of managed service providers (MSPs) reported attacks against their clients, sometimes multiple attacks in a single day.

At the same time, says Ryan Weeks, CISO at Datto, a recent survey of over 150 European MSPs reported that two in five SMEs had fallen victim to ransomware.

Ransomware report

Published annually, Datto’s European State of the Channel Ransomware report examines the threat from the perspective of the IT Channel and their SME clients – and it reveals that ransomware is impacting businesses more than ever before. Tracked year-on-year, the average ransom demanded by cybercriminals has increased, and is now around £2,000 (€2,274).

While this figure might come as a nasty shock to affected businesses, it is, however, in the aftermath of the attack when the real nightmare begins. Ransomware causes system downtime, and the downtime related to such attacks is also quickly increasing. It is up by 300% in Europe, while the global average is 200%.

Even more of a concern, system downtime from ransomware is hitting small organisations harder than their bigger counterparts. Currently, such attacks cost European businesses around £108,000 (€123,000) on average per incident, an eye-watering 54 times more than the ransom requested.

Lost productivity

And that is not all. More than half of the MSPs surveyed say their clients suffered a loss of business productivity after a ransomware attack, alongside lost data or devices and decreased client profitability (33%). One in five businesses admitted ransomware had damaged their reputation, with further repercussions down the line. What’s more, in a third of attacks the infection spread to other devices on the network – and in some cases, it even remained on the network and struck again.

It’s not surprising then that over half of MSPs think the devastating effects of a ransomware attack have the potential to bankrupt entire companies.

Reliance on workable back-ups

Ryan Weeks

While recovery is possible – and paying the ransom is not recommended – the ability to restore systems quickly relies on valid and workable system back-ups. Since it can be difficult to pinpoint the source of a threat or how long it has been in an IT environment, MSPs usually rely on a multitude of methods to help their clients recover.

These methods typically include reimaging the server, virtualising the system from a back-up image and running clean-up software. Every organisation, no matter how small, should have a robust remediation plan in place.

Here are nine steps every business should take to minimise its risks of being critically affected by ransomware.

  1. First of all, understand the threat and take it seriously: Datto’s survey found a staggering disconnect between MSPs and SMEs: 82% of MSPs are ‘very concerned’ about ransomware but only 8% reported that their SME clients feel the same, despite the business-threatening downtime implications.
  2. Be wary of phishing emails: These are still the leading cause of successful attacks (65%), followed by a lack of security training and weak passwords or poor access management. Poor user practices could be your weakest link, so educate all employees on how to deal with suspicious emails or websites. Training must be regular and mandatory.
  3. Consider two-factor authentication: Strong identity and access management reduces the risk of intruders.
  4. Review your patching practices: Fixing known security vulnerabilities should be the number one priority, so install patches as soon as they are released.
  5. Don’t rely on your defences: Clients regularly fall victim to ransomware despite having antivirus software, email filters and endpoint detection. These traditional solutions are an essential part of any security programme, but on their own they are not enough.
  6. Agree a business continuity and disaster recovery (BCDR) strategy: To minimise downtime, focus on how to maintain operations during and after an attack. A reliable BCDR solution that creates regular system back-ups is part of that strategy and the most effective tool to combat ransomware. Two in three MSPs reported that victims with a BCDR solution recovered from their attack in 24 hours or less.
  7. Remember your cloud is at risk, too: One in five MSPs reported ransomware attacks in SaaS applications such as Office 365 and Dropbox. Since ransomware is designed to spread across networks and applications, endpoint and SaaS back-up solutions for fast restores are critical.
  8. Outsource your IT: Strategy Analytics found that SMEs who don’t outsource are at greater risk from attacks. If you cannot afford full-time, qualified IT staff for 24/7 cyber security monitoring, use an MSP who has the resources to anticipate, and react to the latest threats.
  9. Choose your MSP carefully: MSPs are now also becoming targets of ransomware attacks. Make sure your MSP can implement a solid disaster recovery plan for all eventualities. Check if they have cyber liability insurance, and if they can fall back on external expertise in the event of a large-scale attack that affects both them and their clients.

Nine in ten MSPs predict the ransomware threat is only going to increase – and Internet of Things (IoT) devices and social media accounts will be among the next targets. Act now, and be prepared.

The author is Ryan Weeks, chief information & strategy officer at Datto.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Surrey leads new £8 million FORT centre for advancing secure networks

Posted on: March 18, 2024

The Engineering and Physical Sciences Research Council (EPSRC) announced that Surrey’s 5G/6G Innovation Centre will lead a new £8 million Centre for Doctoral Training in Future Open Secure Networks (FORT). 

Read more

Protecting assets with LTE, NTN & 5G LPWA

Posted on: March 15, 2024

In this compelling piece, part of the Key Industry Insights Series, Analyst Robin Duke-Woolley of Beecham Research and Kevin Guan of Fibocom, explain how LTE Cat 4/1/1bis/M, NTN and 5G LPWA are working to change the game for protecting goods and supply chains with total, global coverage asset tracking for reduced losses and improved operations

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more