Ransomware is the leading cyberattack experienced by small and medium-sized businesses (SMBs), according to a survey of more than 2,400 managed service providers (MSPs) conducted by data protection company Datto.
Key findings from Datto's "State of the Channel Ransomware Report" included:
- 79 percent of MSPs reported ransomware attacks against customers.
- 85 percent indicated that victims had antivirus software installed, 65 percent reported victims had email/spam filters installed and 29 percent reported victims used pop-up blockers.
- 89 percent are "highly concerned" about ransomware attacks.
- 92 percent predict the number of ransomware attacks will continue at current, or worse, rates.
- MSPs ranked phishing emails as the top ransomware delivery method, followed by malicious websites, web ads and clickbait.
- The average requested ransom for SMBs is roughly $4,300, while the average cost of downtime related to such an attack is approximately $46,800.
- The number of MSPs reporting OS/iOS attacks increased by nearly 500 percent year over year in the first six months of 2018.
No single solution is guaranteed to prevent such attacks, Datto indicated. Conversely, SMBs require a multilayered approach to identify and stop ransomware attacks before they cause brand reputation damage, revenue loss and other problems.
How Can SMBs Address Ransomware Attacks?
Datto offered the following recommendations to help SMBs safeguard their data and assets against such attacks:
- Leverage business continuity and disaster recovery (BCDR) technology. BCDR technology won't stop ransomware attacks; instead, it helps an SMB determine how to limit downtime and maintain operations despite a ransomware attack.
- Provide cybersecurity training. By offering regular and mandatory cybersecurity training, an SMB can ensure all of its employees can identify and avoid potential phishing scams that otherwise lead to such an attack.
- Employ a dedicated cybersecurity professional. It may be difficult for an SMB to hire a full-time cybersecurity professional. Fortunately, working with an MSP allows an SMB to receive cybersecurity monitoring and other security services.
Businesses – regardless of size – need to "think differently" about these attacks, Datto CISO Ryan Week said. With a combination of end user training, endpoint protection and an intelligent backup system, companies are better equipped than ever before to protect their brands, employees and customers against the attacks.