By Ryan Weeks, CISO at Datto.
In the global Covid-19 pandemic, many businesses have been forced to move to a work-from-home environment. This has triggered a range of new cyber security concerns, such as new malware attacks targeted at staff working from home. The current situation highlights the need for businesses to stay alert to emerging threats – in particular ransomware, the most common threat to small and medium-sized enterprises (SMEs).
Recent research by Datto amongst over 150 European managed service providers (MSPs) shows how ransomware is impacting businesses more than ever before. Almost two thirds (61%) of surveyed MSPs reported attacks against their clients in the first six months of 2019 alone, with two in five SMEs being affected. Some SMES were even subjected to multiple attacks in a single day.
And the problem is not only that ransomware attacks are becoming more frequent: year-on-year, the average ransom demanded by cybercriminals has also increased, to currently around £2,000, according to the same research.
While this figure in itself can come as a nasty shock to the affected business, it is usually the aftermath of a ransomware attack that causes the most damage to the bottom line. Ransomware often results in IT system outages, and the Datto survey shows that downtime associated with this has grown by a staggering 300%. Even more worryingly, system downtime can affect small businesses much more than bigger organisations. This is illustrated by the costs related to ransomware attacks, which amount to £108,000 on average per incident – 54 times more than the ransom requested.
It is no wonder then that over half of surveyed MSPs think ransomware attacks have the potential to take entire companies out of business. Already, one in five SMEs in the survey stated that ransomware had damaged their reputation. Over half reported a loss of business productivity after a ransomware attack, alongside lost data or devices and decreased client profitability. And the effects are sometimes felt long term: In around a third of known ransomware attacks, the infection spread to other devices within the business – in some cases, remaining on the company network and striking again at a later time.
Taking the right measures
Paying the ransom is never recommended in an attack, so what should a business do if it is affected? The good news is that IT systems can be restored and data can be recovered, but the ability to do this – and do it quickly – heavily depends on whether regular and consistent backups exist. It can also be extremely difficult to find the source of a threat and work out how long the ransomware has been present. Therefore, MSPs typically rely on a combination of methods to recover their clients’ IT environments after an attack. This could include reimagining servers, virtualising systems from a backup image or running clean-up software.
Above all, being prepared is the best way of minimising the risk of being badly hit by ransomware. Every business should have a robust remediation plan in place that covers responsibilities, and the steps to follow in the event of an attack.
What else can you do?
- Perhaps most importantly, take the ransomware risk seriously. No business is immune to an attack but Datto’s survey found that although 82% of MSPs are ‘very concerned’ about ransomware, just 8% said that their clients felt the same – implying that some SMEs don’t fully understand their risk level.
- Beware of phishing emails. Phishing is still the cause of many successful ransomware attacks (65%), followed by a lack of security training, poor access management and weak passwords. To avoid falling prey to malicious emails, make sure staff are aware of the risks and everyone attends regular security training.
- Consider two-factor authentication. Strong identity and access management greatly reduces the risk of cybercriminals accessing the network.
- Implement strong patching practices. Applying software patches as soon as they are released to fix known vulnerabilities must be a number one priority.
- Don’t rely on existing defences. Antivirus software, email filters and endpoint detection are all essential elements of your security strategy, but they don’t adequately protect against ransomware infections so implement additional measures.
- Make sure you have a good continuity and disaster recovery (BCDR) strategy in place. A BCDR solution that creates regular system backups is one of the most effective tools against ransomware. In order to minimise costly downtime, your recovery plan should focus on how to maintain or restart operations during and after an attack.
- Know that your cloud data is at risk. Ransomware is designed to spread across networks and applications. Around 20% of MSPs reported ransomware attacks on SaaS applications such as Dropbox and Office 365, so implement endpoint and SaaS backup solutions that allow fast restores.
- Outsource your IT. According to Strategy Analytics, SMEs who don’t do this are at higher risk from attacks. If you can’t afford qualified IT experts for 24/7 cyber security monitoring, an MSP has the resources and expertise to do the monitoring for you. However, MSPs are also increasingly targeted by ransomware so select your outsourcing partner carefully and check that they have cyber liability insurance.
Unfortunately, ransomware is not going to disappear any time soon. Instead, it might spread even further. From the point of view of an attacker, Internet of Things (IoT) devices and social media accounts present interesting new targets for further campaigns. In line with this, the majority of MSPs expect that we will see the ransomware wave continue, so strengthen your defences now and be prepared when it strikes.