Defending against ransomware – it’s a matter of when, not if
- Written by James Bergl, Regional VP, ANZ at Datto
Ransomware is the single biggest cyberthreat facing businesses today. Being attacked by cybercrooks using ransomware is a matter of when, not if. So, if you’re going to come under attack, what are some preventative measures you can take to ensure that your business will continue as usual?
Datto’s recent Annual Global State of the Channel Ransomware Report surveyed 1000 managed service providers (MSPs) around the world on what they’re seeing when it comes to this malicious software and the criminals behind it.
The report makes for sobering reading, with around 70 per cent of MSPs reporting that ransomware is the most common malware threat to small and medium sized businesses.
Ransomware is a particularly insidious form of attack, as crooks will use techniques like phishing (sending legitimate-looking emails that encourage an unsuspecting user to open them and click on a link that downloads malware), to get access to a computer and from there to the business network.
Once the criminals have access to the network, they do two things. The first is that they extract precious business data – known as exfiltrating – and upload it somewhere they can access it later. Then they encrypt all the data on the network, making it impossible for the business to keep running.
Once they’ve done those things, they issue demands: pay up or we will release your data to the world, and if you don’t pay, your data will stay encrypted.
The cost of ransomware
The costs associated with a ransomware attack are dramatic. Sixty-two percent of businesses hit by ransomware report experiencing lost productivity. Thirty-nine per cent say that they undergo business-threatening downtime, while 28 per cent report lost data and 24 per cent decreased profitability.
However, it’s the downtime that’s associated with a ransomware attack that is the real killer. Although ransoms haven’t gone up much over the last couple of years, and average around $4,400 in Asia-Pacific, the costs associated with the downtime that a business will experience until it can deal with the attack are constantly rising. Our research found that the average downtime cost for a business in Asia-Pacific is just over a quarter of a million dollars, a figure that has risen 94 per cent since 2019.
Small and medium sized businesses aren’t the only ones being attacked. Ninety-five per cent of managed service providers also report they are coming under fire from ransomware, and 84 per cent of those surveyed said they were very concerned about the threat.
Contrast this to the MSP’s clients, of which only 30 per cent are concerned about being hit with a ransomware attack.
The causes of ransomware and how to defend against it
The single biggest defence an MSP or SMB has against being hit by ransomware is having a business continuity and disaster recovery (BCDR) solution. Ninety-one per cent of MSPs reported that clients who have this type of defence are less likely to experience significant downtime during a ransomware attack.
Business continuity and disaster recovery is a broad set of tools, from backup and recovery through to endpoint protection that allows a business to quickly bounce back if it is hit by a ransomware attack. BCDR means being able to get the organisation up and running quickly again, minimising downtime, and reducing the need to pay a ransom to the cybercrooks.
The leading cause of a ransomware infestation is from phishing emails, followed by poor user practices, a lack of cyber security training and weak passwords.
That’s why, along with BCDR, the best defence against these nasty attacks is to ensure that the business has prepared their staff to be the frontline of the defence strategy. MSPs and SMBs must provide regular and mandatory cybersecurity training to give staff the ability to spot and avoid potential attacks.
With ransomware being the number one cyber threat facing business, having a solid BCDR strategy is absolutely vital. But along with that comes the need to train staff to spot attacks before they happen – this means giving them the knowledge to see a phishing email for what it is, along with practicing good cyber hygiene with strong passwords and good access management.
While it’s likely that most businesses will get hit by ransomware, being prepared is the best way to bounce back, and avoid the crippling costs of these attacks.