It Only Takes Seconds for Them to Take Everything! How Can Your SMB Handle Ransomware and Other Cyberthreats?
Ransomware is a business-critical risk that is simply too big to ignore. Such is its viability and value that it is no longer something that takes place out of public view. Instead, large ransomware groups operate in the open, almost as businesses in their own right.
From small companies to large multinationals, everyone with an online presence is a potential target. Crucially, no matter how well-defended your company is, it is vital to stay on your guard.
These attackers have a sense of humour too. Mere days after announcing it would no longer insure against ransomware attacks in France, AXA suffered an attack on its Asia Assistance division.
The Rising Threat of Ransomware
If there’s money to be made, there’s someone out there willing to try their luck. The average cost of recovery from a ransomware attack stands at $1.85 million in 2021.
Threat levels are on the rise as the concept is more sophisticated than many businesses give it credit for.
Commodity ransomware is the most familiar and involves automated attacks that seek to place software within networks, locking them down until data owners pay for a key. The infamous WannaCry worm, which greatly affected the UK’s National Health Service, is a notable example.
Human-operated ransomware is considered far more profitable. It’s higher risks for greater rewards as a real person infiltrates a company’s systems, tailoring the attack to make the best use of their newfound access. Such is the potential payoff that groups are willing to spend weeks on planning and infiltration.
A Business-Critical Threat
Be honest with yourself. Could your SMB survive if it lost all its data? Would the business grind to a halt if emails, passwords, invoices, records, and handbooks all disappeared in seconds?
The answer is “no” for the majority. 60% of small businesses close within six months of being hacked. The loss is too significant, or the costs are too high to continue.
But can’t you just pay the ransom?
You could – that’s the business model, after all. However, 80% of businesses that paid up after a ransomware incident were attacked again.
Furthermore, only 8% of businesses that paid in full got all their data back. Unsurprisingly, hacker groups aren’t big on customer service once they’ve received their payment.
The Stay Safe Strategy
As an SMB, you might feel like you’re immune to cyberthreats. Sure, you have less data than Acer, and you’re probably not as integral as the Colonial Pipeline. However, you do have data that’s important to you – probably important enough to pay to get back.
Experts predict a ransomware attack every 11 seconds in 2021. You might not have the same protections in place as larger companies to fend off such rapid efforts. That’s not to say you can’t take steps to protect yourself.
Back it Up
Ransomware powers through your corporate network, wreaking havoc as it goes. What if you have an identical copy of all your data separate from kept separate from your core network?
The ransomware can’t touch it.
It has long been best practice to back up business-critical information, even before ransomware went mainstream. Now, it’s more important than ever.
How often does your data change significantly? It could be once a month on invoice day. On the other hand, it might be daily with hundreds of orders and emails streaming in. Whatever the answer is, that’s how often you should take a backup.
Shutting everything down and putting it back isn’t ideal, but when the only cost is a little time, a couple of drives of data could save your business.
Human-operated ransomware thrives because it no longer relies on bots and automation. Humans on your side are the best defence. Ensure that the entire company understands the threat and that they’re trained to spot unusual occurrences.
Ensure your team knows to report logins under unfamiliar usernames or from odd locations. Encourage them to view anything they receive from external sources with scepticism.
Depending on the size of your business, your IT team might be small or even non-existent. You can do some of the work yourself, or it may be worth outsourcing to a specialist either as a one-off or on a retainer.
They can provide specific insight into how your company is vulnerable, ensure your software is up to date and add filters and firewalls to your network to block unauthorized access.
What you shouldn’t do is assume that you’re of no interest to attackers. They know that not every successful hack will result in payment – it’s priced into the business model. So, they scan for weaknesses automatically, and if you have them, they’ll find them.
Cybersecurity risks are a genuine threat to all businesses, and for smaller ones they can be fatal. So, shore up your defence’s and have a contingency plan in place for if the worst happens, and you will be ahead of the curve, ready to do business as usual if the worst happens.
Contact us for more information about cybersecurity and backup plans today !