Ransomware remains the most common malware threat to small and medium-sized enterprises (SMEs). In the first half of last year alone, 61% of managed service providers (MSPs) reported attacks against their clients, sometimes multiple attacks in a single day.
At the same time, says Ryan Weeks, CISO at Datto, a recent survey of over 150 European MSPs reported that two in five SMEs had fallen victim to ransomware.
Published annually, Datto’s European State of the Channel Ransomware report examines the threat from the perspective of the IT Channel and their SME clients – and it reveals that ransomware is impacting businesses more than ever before. Tracked year-on-year, the average ransom demanded by cybercriminals has increased, and is now around £2,000 (€2,274).
While this figure might come as a nasty shock to affected businesses, it is, however, in the aftermath of the attack when the real nightmare begins. Ransomware causes system downtime, and the downtime related to such attacks is also quickly increasing. It is up by 300% in Europe, while the global average is 200%.
Even more of a concern, system downtime from ransomware is hitting small organisations harder than their bigger counterparts. Currently, such attacks cost European businesses around £108,000 (€123,000) on average per incident, an eye-watering 54 times more than the ransom requested.
And that is not all. More than half of the MSPs surveyed say their clients suffered a loss of business productivity after a ransomware attack, alongside lost data or devices and decreased client profitability (33%). One in five businesses admitted ransomware had damaged their reputation, with further repercussions down the line. What’s more, in a third of attacks the infection spread to other devices on the network – and in some cases, it even remained on the network and struck again.
It’s not surprising then that over half of MSPs think the devastating effects of a ransomware attack have the potential to bankrupt entire companies.
Reliance on workable back-ups
While recovery is possible – and paying the ransom is not recommended – the ability to restore systems quickly relies on valid and workable system back-ups. Since it can be difficult to pinpoint the source of a threat or how long it has been in an IT environment, MSPs usually rely on a multitude of methods to help their clients recover.
These methods typically include reimaging the server, virtualising the system from a back-up image and running clean-up software. Every organisation, no matter how small, should have a robust remediation plan in place.
Here are nine steps every business should take to minimise its risks of being critically affected by ransomware.
- First of all, understand the threat and take it seriously: Datto’s survey found a staggering disconnect between MSPs and SMEs: 82% of MSPs are ‘very concerned’ about ransomware but only 8% reported that their SME clients feel the same, despite the business-threatening downtime implications.
- Be wary of phishing emails: These are still the leading cause of successful attacks (65%), followed by a lack of security training and weak passwords or poor access management. Poor user practices could be your weakest link, so educate all employees on how to deal with suspicious emails or websites. Training must be regular and mandatory.
- Consider two-factor authentication: Strong identity and access management reduces the risk of intruders.
- Review your patching practices: Fixing known security vulnerabilities should be the number one priority, so install patches as soon as they are released.
- Don’t rely on your defences: Clients regularly fall victim to ransomware despite having antivirus software, email filters and endpoint detection. These traditional solutions are an essential part of any security programme, but on their own they are not enough.
- Agree a business continuity and disaster recovery (BCDR) strategy: To minimise downtime, focus on how to maintain operations during and after an attack. A reliable BCDR solution that creates regular system back-ups is part of that strategy and the most effective tool to combat ransomware. Two in three MSPs reported that victims with a BCDR solution recovered from their attack in 24 hours or less.
- Remember your cloud is at risk, too: One in five MSPs reported ransomware attacks in SaaS applications such as Office 365 and Dropbox. Since ransomware is designed to spread across networks and applications, endpoint and SaaS back-up solutions for fast restores are critical.
- Outsource your IT: Strategy Analytics found that SMEs who don’t outsource are at greater risk from attacks. If you cannot afford full-time, qualified IT staff for 24/7 cyber security monitoring, use an MSP who has the resources to anticipate, and react to the latest threats.
- Choose your MSP carefully: MSPs are now also becoming targets of ransomware attacks. Make sure your MSP can implement a solid disaster recovery plan for all eventualities. Check if they have cyber liability insurance, and if they can fall back on external expertise in the event of a large-scale attack that affects both them and their clients.
Nine in ten MSPs predict the ransomware threat is only going to increase – and Internet of Things (IoT) devices and social media accounts will be among the next targets. Act now, and be prepared.
The author is Ryan Weeks, chief information & strategy officer at Datto.