Ransomware Impact on Small Businesses


Oct 29, 2021

Ransomware is identified as one of the most dangerous cybersecurity threats facing businesses of any size as attacks become more widespread. Ransomware is a category of malware that blocks access to a computer or network until a ransom is paid. Recently cybercriminals have begun to deploy more strategic tactics when gaining access to sensitive information. These criminals are starting to contact competitors with your proprietary information to gain additional monetary compensation. They may also threaten to destroy the information or reveal information publicly if the victim does not pay the ransom. Organized crime is behind the vast majority of breaches with financial gain being their end goal. 

Many are aware of the large ransomware attacks that target large corporations. Apple supplier Quanta was recently targeted with a $50 million ransomware extortion. The cybercriminal gang gained access to Apple’s new product blueprints in April and attempted to extort Apple to keep the new product details a secret. JBS USA, one of the largest meat suppliers in the US, had to temporarily halt operations at its five largest US-based plants due to a hack that ended in an $11 million ransom payout in May. Colonial Pipeline, America's largest refined products pipeline, was infiltrated with ransomware in May. This attack caused the average price of gasoline in the US to increase to over $3 per gallon for the first time in 7 years. 

Small business owners may see these headlines of big brands being hacked and conclude they are too small to be targeted by a ransomware attack, but the data shows otherwise. The Verizon Data Breach Investigations Report discovered that nearly half of data breaches occur in small organizations. Yet over half of American small business owners state they are not concerned about being the victim of a hack in the next 12 months according to a recent study by CNBC. This study found that over half of small businesses believed they could quickly resolve a ransomware attempt, but only 28% have a plan in the event of a hack. And only ¼ of these small businesses subscribe to cyber security insurance. According to the National Cyber Security Alliance, 60% of small and midsize businesses that are hacked go out of business within six months. Small businesses are easy targets because they have sensitive information that cybercriminals can use against them, and they typically lack the security infrastructure that larger businesses have. Smaller businesses are often in the least favorable position when it comes to readiness to resolve a ransomware attack, which makes them the perfect target.

As companies shifted to remote work in 2020, employees worked significantly less often within protected company networks. This created more opportunities for hackers to break into their devices and gain valuable information. Hackers are now using automation to quickly zero in on known security holes. It is also easier than ever for cyber actors to attack victims because many criminals no longer need to create ransomware. Bad actors can now license ransomware-as-a-service (RaaS) for a fee. The topic of data breaches has started to flip from 'if' to 'when' a company will be breached. The FBI’s Internet Crime Complaint Center reported a 20% increase in reported ransomware incidents in 2020 and over a 200% increase in ransom amounts, though this is assumed to be only a fraction of incidents. According to the Sophos State of Ransomware 2021 report, the number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% in 2020, yet only 8% of these companies got all their data back despite paying the ransom. They found that nearly a third of companies couldn't recover more than half the encrypted data following a ransomware event.

The fight against data breaches will continue to rely on a company’s proactive ability to stop breaches before they happen and to have a plan if a cybersecurity breach does occur. The following are some best practices that companies should adopt to reduce the risk of ransomware attacks:

  • Keep operating systems, software, and applications up-to-date and patched 
  • Ensure antivirus and anti-malware solutions automatically update and run regular scans on every computer and device
  • Secure and encrypt internet connections
  • Reduce remote desktop protocol vulnerabilities and software vulnerabilities
  • Protect sensitive information by limiting and controlling access, especially for third-party vendors
  • Enforce multi-factor authentication
  • Purchase cyber security insurance
  • Train employees on:
    • How to spot phishing emails
    • Avoiding downloading suspicious files
    • Creating strong passwords
    • Using safe browsing practices
    • How to protect sensitive information
  • Ensure third-party vendors with proprietary information access are following all of these same protocols

These are just some of the basics of mitigating your company’s risk of a ransomware attack. Companies of all sizes need to consider their risks and have a plan. Not sure where to start? Omni Data can help. Reach out today to get a free consultation by calling 203-387-6664 or by email at learnmore@myomnidata.com.

Omni Data LLC
West Haven, Connecticut
T: 203-387-6664 | W: www.myomnidata.com
