Ransomware continues to cast a long shadow, dominating the cyberthreat landscape for small and medium-sized businesses (SMBs), according to a recent report from Datto.
Ransomware was the most common cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.
The report surveyed 2,400 managed service providers (MSPs) that provide IT support for roughly half a million SMBs worldwide. It found that ransomware attacks occur frequently and are, unsurprisingly, expected to increase.
More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times – often in the same day. 92% of MSPs said they predict the number of attacks will continue at current or increased rates.
Ransomware’s Fiscal Impact
The revenue lost due to downtime from these attacks can devastate a small business. The report found the average overall cost of the attack is about ten times more than ransom itself (the overall cost averages about $46,800 while the ransom amount averages $4,300).
Safety Not Guaranteed
Unfortunately, even antivirus solutions are often not effective for preventing ransomware attacks, with 85% of victims having antivirus software installed, 65% having email/spam filters installed and 29% having pop-up blockers installed.
Using Apple operating systems is also no guarantee of safety, the report found. The number of MSPs who reported ransomware attacks on macOS and iOS platforms increased 5 times in the past year.
“The number one threat for small business CEOs is thinking they are immune to ransomware attacks,” said Michael Drake, CEO of the MSP masterIT. “They think they don’t have anything the hackers want, so it’s not worth the price to protect themselves. When something happens, they’re shocked by the cost to get everything back up and running. It’s mind-blowing.”
Failure in Reporting
While these numbers are alarming, they likely don’t paint a complete picture, as most businesses do not report attacks, the report found. Less than one in four ransomware attacks were reported to authorities, according to the report.
To better protect their business, SMBs should work with MSPs and other partners to create a ransomware response plan that includes detection, communication, cause assessment, recovery, and prevention, the report recommended. Ongoing employee training is also a key defense, as many ransomware breaches are successful due to phishing attacks, malicious websites, web ads and clickbait directed at small businesses.
- Ransomware was the most common cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.
- More than 55% of SMBs experienced a ransomware attack in the first six months of 2018, and 35% were attacked multiple times in the same day.