A recent study suggests almost two-thirds of small businesses aren’t concerned about ransomware…
What is ransomware? Ransomware is a form of malware (malicious software) that hackers place on your computer. What does it do? It locks your files and/or your computer until you pay the ransom demanded. Sounds serious, right? That’s because it is. Ransomware has taken the world by storm in 2016, yet a recent study done by Datto suggests less than half of small business owners are concerned about it.
There are two issues that cause this lack of concern. First, the “it won’t happen to me” mentality. Considering 91% of the IT pros surveyed had businesses impacted by ransomware, this mentality isn’t exactly accurate. If you are not properly protecting your endpoints and training your staff on modern cyber security threats, it isn’t a question of if it will happen, but when.
The second issue that leads to the lack of concern is that few businesses actually report a ransomware attack when one takes place. According to the research, only 25% of businesses impacted by ransomware report it to the authorities. This leads to a lack of awareness within the SMB community. If threats aren’t being reported, how can they possibly be taken seriously?
Ransomware – A Real Threat For SMBs
The threat ransomware poses includes not only data and financial loss, but downtime as well. Sixty-three percent of those surveyed reported experiencing business-threatening downtime. The ransoms demanded after attacks ranged from $100 to $20,000 USD, with the most common demands ranging from $500 to $2,000 USD. To an SMB, that could be a major loss. If you compound the financial loss with the downtime, you’re looking at a massive hit.
There are two main layers that influence the success of a ransomware attack. First, your security software. According to the study, 93% of respondents were using security software at the time of infection. The study did not break the security software out by protection method, whitelist or blacklist; however, it is safe to assume a majority, if not all, had been using security software that implements the traditional blacklist approach. This is mistake number one. Traditional blacklisting methods don’t work. It is impossible to keep them up to date with the latest malware threats, since malware is constantly morphing to evade blacklist detection. The solution is to implement security software that uses application whitelisting technology.
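The difference between the two approaches can be shown in a few lines. This is an added illustration, not code from the study or from any security product. It assumes both lists are exact SHA-256 matches on file contents (real blacklist products use richer signatures), and every byte string below is a constructed, harmless stand-in.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable contents (harmless byte strings).
SAMPLES = {
    "approved app":     b"constructed: payroll-app v1.0",
    "app update":       b"constructed: payroll-app v1.1",  # legitimate, not yet approved
    "known ransomware": b"constructed: ransomware sample A",
    # Same sample with one padding byte appended, standing in for a morphed variant.
    "morphed variant":  b"constructed: ransomware sample A" + b"\x00",
}

# Blacklist: hashes of samples the vendor has already seen.
BLACKLIST = {sha256(SAMPLES["known ransomware"])}
# Whitelist: hashes of software the business has explicitly approved.
WHITELIST = {sha256(SAMPLES["approved app"])}

def blacklist_allows(data: bytes) -> bool:
    """Default allow: anything not known to be bad may run."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(data: bytes) -> bool:
    """Default deny: only what is known to be good may run."""
    return sha256(data) in WHITELIST

def compare(samples: dict) -> dict:
    """Map each sample name to (blacklist verdict, whitelist verdict)."""
    return {name: (blacklist_allows(d), whitelist_allows(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    print(f"{'sample':<18}{'blacklist':<12}whitelist")
    for name, (bl, wl) in compare(SAMPLES).items():
        verdict = lambda ok: "runs" if ok else "blocked"
        print(f"{name:<18}{verdict(bl):<12}{verdict(wl)}")
```

The morphed variant runs under the blacklist and is blocked under the whitelist. The whitelist also blocks the legitimate update until someone approves it, which is the maintenance cost of a default-deny policy.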
The second influencer is your employees. How well are they trained? How often are they trained? Do you conduct any mock tests to see how employees would react to a phishing scam? These are the questions you need to ask yourself. No security software can prevent 100% of human errors. Therefore, as an employer, it is your duty to properly train your staff on modern cyber security threats.
Ransomware is a threat to everyone: large enterprises, SMBs and even home users. It is time to reevaluate your protection methods to ensure your information remains secure. After ransomware strikes, remediation is not feasible in most cases. Therefore, being proactive is imperative. Back up your data daily, ensure all of your endpoints, applications and operating systems are updated, train your employees, and implement security software that uses application whitelisting technology.