Who Is at Risk for a Ransomware Attack?

Ransomware has risen in the last couple of years to be one of the most dangerous forms of malware. Just one attack can cause a company to be down for days, costing hundreds of thousands of dollars in losses.

In the recent attacks on Colonial Pipeline and JBS (the world’s largest beef & pork producer), both companies had operations down for nearly a week. In addition to downtime losses, both also paid millions of dollars in ransom to the attackers.

How bad has ransomware become?

In 2020, attack volume increased 485%. But that’s not all. The average remediation cost has more than doubled from $761,106 to $1.85 million.

These types of attacks have also been fueled by a new criminal business model called Ransomware as a Service (RaaS). This is a subscription model where anyone can subscribe to get the tools and guidance for conducting a ransomware attack. No skills or coding needed!

If you’re a small business, you might read the stories you see in the news about Colonial Pipeline or large hospitals or government organizations getting hit with ransomware and think that you don’t need to worry. You might think attackers only go after the “big guys with deep pockets,” so it’s not relevant to your cybersecurity strategy.

But you’d be very wrong.

Small businesses are a prime target for attackers, just like any other business. While some large criminal groups target companies they know can make a payout of millions in a matter of days, even more small-time hackers go after a quick hit of a few thousand dollars from a small business.

“Joe’s Cupcake Shop” might not make the headlines if hit with a ransomware attack, but just because you’re only seeing larger organizations in the news doesn’t mean smaller companies aren’t also getting hit.

According to the Secretary of Homeland Security, 50 to 70% of all ransomware attacks are aimed at small and medium-sized businesses.

Warning from the Colorado AG

Colorado’s Attorney General recently gave a warning that ransomware could have “disastrous consequences” for small businesses.

The AG emphasized the recent Kaseya attack as a prime example of how smaller companies are at risk. In this attack, a provider of remote monitoring and management software to IT businesses had its software hacked. The breach of Kaseya software quickly spread to the managed services providers that used the software and, through them, to their customers, most of whom were SMBs.

It’s estimated that the attack infected up to 1,500 small to mid-sized companies with ransomware. 

Attorney General Weiser stated, “What the Kaseya attack has reinforced is that no institution is insulated from these attacks.”

Microsoft Exchange Server Hack

Another large attack, in which ransomware infected the on-premises servers of over 250,000 organizations around the world, happened earlier this year. The Microsoft Exchange Server hack targeted businesses that were managing their company email using an on-premises server running the Microsoft Exchange Server software.

The primary victims of the attack weren’t large enterprises. They were small and medium-sized businesses, smaller local institutions, and local governments.

Factors That Put Small Businesses at Risk of Becoming a Ransomware Victim

It’s important to put the right safeguards in place to protect against a devastating ransomware attack. Because ransomware quickly encrypts all of a company’s files, basically shutting down most operations, it’s one of the most impactful types of attacks.

Here are some of the factors that put you at risk.

Not Having a Good Backup & Recovery Tool (and Not Testing It)

The entire point of backing up your data is so it can be fully recovered later if needed. Yet many companies never test the recovery part of their backup process.

This leaves them at higher risk of having to pay an attacker if they find out later that the recovery mechanism is too slow, or if they have never been through it and are unsure how long it will take.

Not Providing Ongoing Employee Security Awareness Training

Employees are on the front line of cyberattacks because those attacks often originate with a phishing email. Not keeping your employees trained (more than once a year) to help them hone phishing identification skills means there is more chance someone will be fooled and could accidentally unleash ransomware into the network.

Falling Down on Basic Cybersecurity Hygiene

According to a recent Sophos Threat Report, a lack of attention to one or more aspects of basic security hygiene has been found to be “at the root cause of many of the most damaging attacks.”

Not staying vigilant about things like password security, two-factor authentication, firewalls, email filtering, and the use of VPNs for remote employees can leave your business at risk.

Secure Your Devices & Network In One Easy Plan

Managed IT services cover multiple best practices of cybersecurity and provide you with peace of mind. B-Comp Services can work with your Denver area business to customize a plan that fits your needs and budget.

Contact us today to discuss your security possibilities. Call at 303-282-4934 or contact us online.