Estimated reading time: 3 minutes, 12 seconds

Your Small Business Is Not Immune to Ransomware Featured

Your Small Business Is Not Immune to Ransomware "Laptop displaying a pirate flag \/ jolly roger on a red screen, possibly indicating malware, hackers or a different computer problem."

Ransomware has become one of the leading methods by which hackers target businesses. While many people may think that it is only big organizations that are targeted by ransomware attacks, the truth is that even the smaller businesses are not immune to such ransomware attacks. In fact, in many instances, hackers have turned their attention to small businesses because they lack adequate measures to counter them. The disruption of these businesses is costly for small businesses and governments in general. According to the World Bank, small and medium-sized businesses (SMBs) are critical in many world economies. They account for up to 90 percent of all businesses worldwide and employ more than 50 percent of people in employment.

Why Small businesses?

The majority of SMBs are ill-prepared to counter cyber-threats such as malware attacks, distributed denial of service (DDoS) attacks, and ransomware. This leads to downtimes which leads to losses in terms of revenue and production time lost. While the headlines tend to focus on larger companies such as Marriott or Equifax or government agencies and big educational institutions, it is always a mistake to believe that hackers are only interested in these large multinationals. Such attacks often occur because of a lack of adequate resources, few qualified personnel, and lack of proper training, among other issues.

Although big organizations often tend to be perfectly lucrative prey to attackers due to potential gains in case an attack succeeds, SMBs are often attractive due to a variety of things. First, there is an issue of a lack of resources to defend against the attacks. A report by Ponemon Institute states that SMBs have various issues in tackling cyber-risks, one of them being the shortage of personnel to deal with cyber-risks, vulnerabilities, and attacks. The second biggest problem facing SMBs is the limited budgets. Since ransomware attacks are highly sophisticated, the infrastructure and professionals to handle these issues are needed. This requires budgets that are often limited.  Most SMBs also have no clear approach to understanding and tackling ransomware attacks.

What attack vectors do attackers use?

There are many attack vectors that attackers use to perpetrate their ransomware attacks. However, the research by Ponemon points out to the employees as the weakest link that attackers often exploit. The most commonly used attack vectors by the attackers are phishing, mal-advertisements, spoofing, and social engineering. Social engineering and phishing are the two often used methods that take advantage of the employees' lack of knowledge to attack. Attackers send spoofing emails with malware and convince the employees to click on links.

What is the cost of ransomware attacks to SMBs?

The cost of ransomware attacks to SMBs is often high. According to a report by Datto, most of these losses mostly occur in the form of ransom being paid to the attackers. Datto averages the ransom being requested by the threat actors to be something around US$5,900. While money is the main thing being lost, other costs may be in the form of downtime, which Datto approximates cost more than 23 times the cost of ransom that the attackers in 2019 alone. The losses can also emerge from the amount needed to investigate the attacks, contain, and recover. There is also the loss of reputation and trust from the customers. Furthermore, you will face legal problems and probably pay for the information lost.

How can this be countered?

No one method can be used to counter ransomware attacks. Instead, you have to use a variety of approaches. The best way to fight these attacks is by training employees, updating your operating systems and having a business continuity plan, and backing up essential data to ensure that not everything is lost in case of a successful attack. Also, reduce the attack surface by disabling unnecessary networked devices and software. Lastly, have a multilayered security solution to protect your organization against different attacks.

Read 4255 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years experience delivering high value content to readers and publishers. 

Find his portfolio here and his personal bio here

Visit other PMG Sites: