Protecting Your Small Business From Ransomware
A report just out from BrightCloud has some interesting statistics on all types of digital threats, but I want to review the section of the report on ransomware, since this is the most prevalent and dangerous threat to the firms we work with: small and medium-sized businesses.
What if you were hacked?
Or faced a ransomware event?
What would you do?
If you’re not prepared, stick around so I can explain what this risk looks like in 2022.
Okay, ransomware: a quick refresher on what it is.
Attackers get into your network or your computer through a phishing email, where an unsuspecting user clicks a malicious link or opens a malicious attachment, or through an exposed Remote Desktop Protocol (RDP) connection, usually with weak or stolen credentials.
Once in, they deploy the ransomware, which encrypts the files on every computer, device, and drive it can reach, physical and virtual, and locks you out of your own data.
That means even your files in Google Drive, Outlook, Office 365, or Dropbox in the cloud can be rendered useless, because the sync client on an infected machine dutifully uploads the encrypted copies.
Last year 82% of all ransomware attacks targeted organizations with 1,000 or fewer employees.
In fact firms with 100 or fewer employees accounted for 44% of all ransomware attacks.
Hackers target smaller employers because they rarely have the security staff, tools, and controls that larger firms have.
You are easy pickings.
And hackers are also realizing that high-profile targets like the Colonial Pipeline attack draw investigations and law enforcement action, while smaller, garden-variety attacks don't make the news.
It’s better to fly below the radar and still hit jackpots rather than get caught.
This report points out an interesting trend in ransomware attacks.
In the past, hackers were satisfied with collecting ransoms on seized computer networks. But when business owners got smart, kept fully restorable backups detached from their networks, and refused to pay the ransoms, the attackers changed strategy.
Now the attackers copy your data out of the network before they encrypt it, and if you refuse to pay because you have good backups, they simply threaten to dump that data in the public realm.
This, of course, can be very damaging to a firm's reputation and invite lawsuits from customers, clients, vendors, and others.
It's a "damned if you do and damned if you don't" situation, and many victims end up paying the ransom anyway.
This brings me to the next issue in this report: ransom demands are skyrocketing.
In 2018 the average ransom payment was only $6,733, according to BrightCloud.
By 2020 it had grown to about $154,000, and last year, 2021, it more than doubled to an average payment of $322,000.
What will that average look like in 2022?
Who knows, but I can pretty much guarantee it’s not going down.
Another interesting note in this report, on a fairly new trend, is crypto mining, also called cryptojacking.
This is where attackers deploy crypto mining software instead of ransomware on your network and quietly consume your computers' processing power to mine cryptocurrency for themselves.
So, what’s the answer?
I think the first thing that every business owner regardless of size needs to evaluate is how valuable is their data?
If someone put a padlock on your data and your network, how disruptive would that be to your business?
For most organizations, I would imagine that the response would be – that our data is priceless. It runs the company.
Without it, we’d be out of business.
With the value of your data established, I think the next step is to consider a strategy to combat not just ransomware, but all cyber threats. That strategy is known as hardening your network, or building cyber resilience.
Often the strategy is carried out by an outsourced IT or Managed Services Provider unless you have internal IT resources.
And that strategy is a layered defense built on the following layers:
- Employee training so they don't click on malicious links or open malicious attachments.
- Blocking threats with hardware and software controls such as firewalls, email filtering, and endpoint protection.
- Patching and protecting your devices appropriately.
- Backing up data correctly, keeping at least one copy detached from the network, and having a tested recovery strategy.
- And finally, having cyber insurance for when things do go wrong.
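What "fully restorable" means in practice is that you have actually tried the restore and checked the result. The script below is an added example, not part of the BrightCloud report or this post: it records a hash manifest of the files at backup time, then checks a restored copy against that manifest, reporting files that are missing, changed, or look encrypted (near-random content, which is what you see when the backup target was still reachable when the ransomware ran). The file names, contents, and the 7.5 bits-per-byte entropy cut-off are constructed assumptions for the demonstration.

```python
import hashlib
import math
import pathlib
import random
import shutil
import tempfile


def sha256_of(path: pathlib.Path) -> str:
    """Hash a file in chunks so large backups never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: pathlib.Path) -> dict:
    """Record every file under root (path relative to root -> SHA-256) at backup time.
    Keep this manifest with the offline copy, not on the production network."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Documents and text sit well below 7; ciphertext is close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def verify_restore(manifest: dict, restored: pathlib.Path,
                   entropy_threshold: float = 7.5) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    A file whose hash changed AND whose content is near-random is reported as
    likely encrypted. entropy_threshold (7.5 bits/byte) is an assumed cut-off,
    not a published figure."""
    result = {"ok": [], "missing": [], "modified": [], "likely_encrypted": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_of(p) == digest:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)
            if shannon_entropy(p.read_bytes()[:65536]) >= entropy_threshold:
                result["likely_encrypted"].append(rel)
    # Files present in the restore but absent from the manifest (ransom notes, droppers).
    for p in sorted(restored.rglob("*")):
        rel = p.relative_to(restored).as_posix()
        if p.is_file() and rel not in manifest:
            result["unexpected"].append(rel)
    return result


def restore_drill_passed(result: dict) -> bool:
    """The drill passes only if every file came back byte-for-byte and nothing extra appeared."""
    return not (result["missing"] or result["modified"] or result["unexpected"])


def _write(path: pathlib.Path, data: bytes) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def run_drill(tamper: bool = True) -> dict:
    """Constructed scenario: back up a small file tree, then 'restore' it.

    With tamper=True the restored copy is damaged the way a network-attached
    backup looks after an attack: one file replaced by pseudo-random bytes
    standing in for ciphertext, one file deleted, and a ransom note dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        prod = pathlib.Path(tmp, "production")
        _write(prod / "contracts/msa.txt", b"Master services agreement, rev 3\n" * 40)
        _write(prod / "contracts/nda.txt", b"Mutual non-disclosure agreement\n" * 40)
        _write(prod / "invoices/2022-q1.csv", b"date,customer,amount\n2022-01-05,ACME,1200.00\n" * 40)
        manifest = build_manifest(prod)

        restored = pathlib.Path(tmp, "restored")
        shutil.copytree(prod, restored)
        if tamper:
            (restored / "contracts/nda.txt").unlink()
            rng = random.Random(2022)  # deterministic stand-in for ciphertext
            fake_ciphertext = bytes(rng.getrandbits(8) for _ in range(8192))
            (restored / "invoices/2022-q1.csv").write_bytes(fake_ciphertext)
            _write(restored / "README_TO_DECRYPT.txt", b"Your files are encrypted.\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    report = run_drill()
    for key, files in report.items():
        print(f"{key:17s} {files}")
    print("drill passed:", restore_drill_passed(report))
```

Run it as-is to see the tampered drill fail; in real use you would call build_manifest against the live data when the backup is taken, store the manifest alongside the detached copy, and run verify_restore against a test restore on a fixed schedule. A backup that has never passed this kind of check is not one you can refuse a ransom over.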
Cyber insurance is your last line of defense, and it does two things when your other layers of defense are breached.
And when humans are involved, even the best-designed systems can be defeated, accidentally or intentionally.
The first function of Cyber Insurance is to pay for the costs to remediate an event.
This includes paying for experts to contain the threat and the damage, paying ransom demands, and covering the costs of notifications and other regulatory compliance obligations.
The second function of Cyber Insurance is to be a resource to you and your team following an event.
Who is the right law firm to handle legal inquiries?
How do you perform forensic analysis on your network to uncover what happened?
Who is the right PR firm to handle crisis management?
These are the questions your cyber insurance company can answer and can bring into the situation quickly.
Here’s the bottom line.
Cyber threats for small and medium-sized businesses continue to grow and morph.
Once you think you’ve got it figured out, your adversaries are re-charting the course so they can continue to extract money from you.
The topic I covered here is just ransomware because I believe it to be the biggest threat to small and medium-sized firms.
And when I say small, I mean even one person solo firms.
No one is immune from this threat.
Haven’t purchased cyber insurance yet?
Thinking maybe it’s time to but don’t know where to go?
Wonder if your cyber insurance is sufficient in the face of growing threats?
Give me a call or drop me an email.
As experts in cyber insurance, we represent the top players in cyber and would be happy to speak with you about your options and guide you along the way.
I promise, no high pressure, no sales games or gimmicks. If you're serious about getting the right protection, we're serious too.