Survey finds that ransomware is still the most significant cyber threat to small-to-medium sized businesses
- Published: Wednesday, 14 November 2018 09:33
Datto, Inc., has published the findings of its third annual Global State of the Channel Ransomware Report, which found that ransomware continues to be the leading type of cyber attack experienced by small-to-medium sized businesses (SMBs) and business continuity and disaster recovery technologies are the most effective methods for ransomware protection. The report surveyed 2,400 managed service providers (MSPs) that support the IT needs of nearly half a million SMBs around the globe. The survey also revealed the large impact these attacks have on businesses, including that:
- Revenue lost to downtime can cripple a small business: the average attack is 10 times more costly to the business than the ransom itself, with attacks costing a SMB $46,800 on average and the ransom requested averaging $4,300 per attack.
- Attacks are frequent and expected to increase: more than 55 percent of MSPs stated their clients experienced a ransomware attack in the first six months of 2018, and 35 percent said their clients were attacked multiple times in the same day. 92 percent of MSPs predict the number of attacks will continue at current or increased rates.
- Antivirus software solutions are ineffective: 85 percent of MSPs reported that ransomware victims had antivirus software installed, 65 percent reported victims had email/spam filters installed, and 29 percent reported victims had had pop-up blockers, which failed to block ransomware attacks.
- Businesses using Apple operating systems are also vulnerable: there was a fivefold increase in the number of MSPs reporting ransomware attacks on macOS and iOS platforms over the last year.
“The number one threat for small business CEOs is thinking they are immune to ransomware attacks,” said Michael Drake, CEO, masterIT, an MSP in Memphis, Tennessee who has helped clients recover from ransomware attacks. “They think they don’t have anything the hackers want, so it’s not worth the price to protect themselves. When something happens, they’re shocked by the cost to get everything back up and running. It’s mind-blowing.”
The survey also found that most businesses don’t report attacks: less than one in four ransomware attacks were reported to the authorities.
When it comes to protecting small and medium-sized businesses, the report found that:
- Business continuity and disaster recovery technologies are deemed the most effective methods for ransomware protection: 90 percent of MSPs report that clients with business continuity and disaster recovery technologies in place fully recovered from an attack within 24 hours.
- Employees need training and education to be the front line of defense / defence: many ransomware breaches are successful due to phishing attacks, malicious websites, web ads, and clickbait directed at small businesses. Ongoing training for employees to help them remain vigilant is a best practice for small businesses.