Small and Mid-Sized Businesses Need to be Prepared for Ransomware Attacks


Ransomware attacks are currently one of the fastest-growing cyber security threats affecting small to mid-sized businesses (SMBs).

These incidents can hit organizations of all sizes within virtually every industry. Bitdefender’s Mid-Year Threat Landscape Report 2020 noted the total number of ransomware reports jumped by 715% globally year-over-year.

Pandemic-related incidents had a large impact, and similar threat levels are expected for 2021. Cyber criminals are likely encouraged by the successful attacks that have been widely reported, and they’re likely on the lookout for ever more sophisticated ways to attack corporate security systems.

What is ransomware?

Before SMBs can hope to defend themselves, they need to understand exactly what ransomware is and how it works. Ransomware is a type of malware that threatens to publish an organization's sensitive data or continually block access to documents unless a ransom is paid.

The more advanced forms of ransomware encrypt a company’s files, rendering them inaccessible, and then demand payment to decrypt them. Victims of these attacks are often forced to use a decryption key to recover the documents.

Attackers typically demand payment in Bitcoin or other cryptocurrencies. Because these payments are hard to trace, finding and prosecuting the attackers is difficult and unfruitful.

Ransomware attacks are usually carried out using trojans. A trojan is malware that misleads users about its true intent, like the Trojan horse made popular by Virgil’s poem The Aeneid. These malicious programs are disguised as legitimate files that a user is tricked into downloading or opening when they arrive as an email attachment.

The threat of ransomware is clearly on the rise. A report from research firm International Data Corp. (IDC) released in August 2021 showed that more than one third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months. For those organizations that fell victim to ransomware, it is not uncommon to have experienced multiple ransomware events, the report said.

Datto’s 2020 State of the Channel Report said nearly 70% of managed services providers (MSPs) report ransomware as the most common malware threat to SMBs. However, while a majority of MSPs (84%) are “very concerned” about ransomware, only 30% report that their SMB clients feel the same.

With major ransomware events making the news on a regular basis, SMBs need to take the threats seriously as the impacts of such an attack could be catastrophic to their business.

Best practices to prevent a ransomware cyber attack

So, how can SMBs protect themselves against ransomware and other cyber attacks?

One way is to deploy a multi-layered defense if they haven’t already done so. That means going beyond just implementing malware-detecting software. They need to have tools that provide visibility at the endpoint and network layers, including endpoint detection and response (EDR) and managed detection and response (MDR).

EDR continually monitors endpoint devices and responds to suspicious activities to mitigate cyber attack threats. EDR tools, available via the cloud or on premises, gather data from endpoint devices and then analyze it to reveal potential threats and issues. The software is installed on end-user devices and data is stored in a centralized database.

MDR provides companies with continuous, outsourced cyber security operations. It offers security for endpoints and networks as well as security analytics and threat-hunting expertise. Protecting against ransomware is a continuous, not part-time, effort. And because many smaller companies are not equipped to provide around-the-clock coverage, they need an MDR service to help prevent ransomware attacks from executing and spreading within the organization.

MDR and EDR

Both MDR and EDR have become accessible to SMBs, offering security operations center capabilities that in the past only larger organizations have been able to afford.

Because even brief delays in detecting and responding to ransomware can lead to significant problems, defending against ransomware using a multi-layered approach based on pre-emptive protection is vital.

Aside from deploying the latest security tools to protect against ransomware, SMBs should focus on prevention or, at the very least, on reducing the likelihood of being hit with an attack. That includes conducting regular security risk assessments and following a continuous approach to patch management utilizing services such as MDR and EDR.

The threat landscape is constantly evolving, with ransomware attacks becoming highly adaptable, so frequent risk assessments through MDR and EDR are recommended. Plenty of qualified managed security services providers are available to help with assessments and other services.

SMBs need to understand that prevention is not enough; they also need to have a mitigation plan in place that includes tamperproof backups. When a potential new ransomware strain tries to encrypt files, a tamperproof backup of the targeted files can restore the files after the malware has been blocked.

IDC noted other steps companies can take as part of their ransomware defense strategy. These include reviewing and certifying security and data protection and recovery practices with partners and suppliers; periodically stress-testing response procedures; and increased sharing of threat intelligence with other organizations and/or government agencies.

Cyber security training

No security strategy of any kind is complete without effective training programs for all users. As the Datto report pointed out, end-user education is an essential piece of an effective ransomware protection strategy. Phishing, poor user practices, and lack of end-user cyber security training were the three most common causes of successful ransomware breaches, it said.

It’s important to understand that security training must go beyond covering just how to identify phishing attacks, the report said. While phishing topped the list, weak passwords, open remote desktop protocol access, and a host of other user errors were also to blame for breaches.

Making cyber security strategy a priority

SMBs need to make cyber security a priority from the highest levels of the company. That means the CEO and other senior executives need to set an example and make it clear that security practices that help enhance ransomware prevention are everyone’s responsibility.

By taking the necessary precautions, small and mid-sized companies can create strong defenses against ransomware as well as other types of attacks.
