Ransomware - How Does your Business Reduce Risk?
Written by Shackleton Technologies, 3 May 2019
Datto is one of the world’s leading providers of IT and business continuity solutions, which are delivered by managed service providers, like Shackleton Technologies, to SMBs all over the globe. In their recent “European State of The Channel Report” they publish statistics gathered from nearly 300 managed service providers across Europe.
The statistics are frightening, with over 84% of responding MSPs reporting they had seen SMB clients struck by ransomware over the previous 2 years, while 58% reported clients that had been struck by other viruses. And 42% report clients that had suffered multiple attacks; in the same day!
And yet, only 16% of these attacks were actually reported to authorities, which means the vast majority go unreported, masking the real impact to business.
The Common Denominator
The most common method of delivering ransomware attacks is via phishing emails (50%) with the next most popular method (44%) being malicious websites/adverts.
MSPs also reported that 16% of ransomware is delivered using clickbait, which is often found on websites and is designed to attract attention and encourage users to click on a particular website. Here’s a typical example: “THIS MAN WENT TO STROKE A WILD MALE LION. WHAT HAPPENED NEXT WILL BLOW YOUR MIND”. These traps are specifically designed to catch users unaware.
The one thing that all of these methods of delivery rely upon, the common denominator, is end users. All of these methods are harmless until some unsuspecting or gullible user actually clicks on the link, website, advert or clickbait.
The fact is that almost all ransomware infections gain access to business networks due to human error or disgruntled employees.
The lack of end-user cyber-security training is the single biggest risk to businesses the world over and it’s critical that these businesses recognise this threat and prepare for it, with better user education.
What Should I Do?
This is a good question and there’s a number of precautions and preventative measures that can help reduce a business’ risk of ransomware infection.
This is not an exhaustive list, but some of the key actions SMBs should take include:
- A reliable business continuity & disaster recovery (BCDR) solution which ensures data can be retrieved quickly should an infection occur.
- It’s also vital to employ a layered suite of preventative security services, such as those employed by Shackleton.
- Regular security patch management is essential.
- But, all the protection in the world won’t stop a business getting a ransomware infection if they neglect their most important assets, i.e. their users. User awareness training should be one of the very first considerations for any business concerned about the risk of virus infection.
Datto’s report shows that 91% of MSPs report clients with a formal BCDR solution in place were able to fully recover from an attack in less than 24 hours, whereas only 50% of clients without BCDR were able to do the same.
It was May 2017 when the WannaCry ransomware attack infected 150 countries.
In the UK the NHS was devastated by the infection with over 86 Trusts, 603 Primary Care Units and 565 general practitioner offices affected.
Over 19,000 appointments had to be cancelled and by October 2018 the overall cost to the NHS had reached £92 million in IT costs to restore lost data and systems.
What this clearly demonstrates is that no organisation, large or small, is safe from attack, but it also shows that the cost of ransomware infections is disruptive at best and absolutely devastating at worst.
And 92% of responding MSPs believe Ransomware is here to stay and continue at current or worse rates.
What’s the Future of Ransomware?
Predictions vary on what lies next for ransomware, but with the ever increasing number of IOT devices now in businesses and homes all over the world, it’s only a matter of time before they become a target.
Social media accounts, self-driving cars, wearables and even medical devices are all strongly predicted to be targeted.
Some believe that all personal data on the internet will at some point be erased. And that whole companies and even governments will be blackmailed and potentially made bankrupt.
Ransomware is not going anywhere soon and the time to act, is now.
Shackleton employs tried and tested end user cyber security training, so if you have any questions or concerns about ransomware, or any other cyber-security matters, call Shackleton today.
Proactive Monitoring of your IT Systems can save you a Fortune...
It’s not sexy, but proactive IT monitoring significantly reduces the risk of costly outages and failures
Could 'Hosted Desktop' Technology Future-Proof Your Business Computers?
As PCs get older they slow down, affecting productivity in the process. Could thin client technologies solve that problem?