Could Your Business Survive a 21 Day Ransomware Shutdown?
Ransomware is one of the biggest threats facing any business that operates online today. Particularly worrying for SMB owners is that the stereotype of hackers in darkened rooms no longer applies. Instead, anyone so inclined can become a ransomware attacker, which represents even more of a challenge.
RaaS – Ransomware as a Service
Ransomware attacks can be highly lucrative for the people that carry them out, and they’re not solely restricted to those with advanced IT knowledge.
Anyone willing to pay for the software can set up a ransomware attack thanks to a new evolution in attack methodology, namely, RaaS or Ransomware as a Service.
You’ve probably heard of the dark web, an area of the internet out of reach of conventional browsers and, as the name suggests, a darker side of online connectivity. Anyone that ventures there won’t have a hard time finding ransomware services.
That low barrier to entry means that individuals no longer need both an appetite for criminal disruption and the tech skills to back it up. Instead, they can rent or buy the software used to carry out such attacks by paying a fee upfront or sharing the proceeds.
Worryingly, Ransomware as a Service is behind an estimated two-thirds of ransomware attacks.
This ease of access has helped to drive a spike in such attacks in 2021, and it has never been more critical for small and medium businesses to acknowledge that they might be a target, regardless of size.
21 Days of Downtime
An estimated 60% of SMBs never recover from a ransomware attack.
For those that do, most can expect an average of 21 days of downtime. That’s three entire weeks – more if you only count business days – with no access to emails, invoices, accounting systems, and any other digital information that enables your business to operate to its full potential.
Worryingly, the JPMorgan Chase Institute states that most small businesses can survive for just 27 days with complete cash flow interruption.
Could your business cope with a 21-day shutdown?
Let’s assume your business turns over $240,000 each year – or $20,000 per month. We’ll assign a generous profit margin of 40% after all expenses, leaving $8,000 in the bank each month.
It would take nearly three months to build up enough funds to cover a month without cash flow, and that’s without investing anything at all in growth.
Most businesses operate on monthly cycles. For example, invoices get paid, employees receive their salaries at least once each month, and so on.
RaaS attacks don’t follow the same cycle. 21 days without employee records, client data, and access to your accounts could be crippling.
As the number of ransomware attacks rises in 2021, so does the ransom itself. According to the Unit 42 Ransomware Threat Report, the average ransom has reached $300,000. That’s more than our example company’s annual turnover! So, it’s easy to see why the majority of affected SMBs never recover.
Prevention Trumps Cure
Paying up may not be the best course of action. 80% of companies targeted by ransomware are attacked again shortly after that.
Even if your business could survive one attack, would it be able to withstand a second?
Never assume your business is too small to become a target. The rise of RaaS means that there are more ransomware attacks now than ever before. It’s all automated too. Your business may not yet be notable enough for a manual attack, but the bots that sniff out vulnerabilities don’t mind that at all.
If you face 21 days of inactivity due to an attack and decide it’s time to act, you’re potentially already too late.
Consider how your business would operate without access to its information. That’s the best way to understand how valuable it truly is. For most modern SMBs, no data means no business.
Let’s go back to the example of an SMB with a $250,000 turnover. In most cases, that’s a million-dollar business at worst. If you could get your hands on something worth a million and create a perfect copy of it for nothing more than five minutes of your time, would you?
Most people would say yes. That’s your business, and that’s all you need to do to make a backup.
Suppose you can take an exact copy of your business-critical data and keep on doing so whenever significant changes take place. In that case, you’ll immediately have built a more robust defence against ransomware attacks.
Keep that backup offline and out of reach of any ransomware. That way, there’s no need to pay massive sums to recover your information, as you already have it!
That’s just one of the steps you can take to stay safe. Combine it with employee education, email scanning, and dedicated IT oversight, and the 21 days of potential downtime will shrink to just a matter of hours. Contact us to see how we can help.