It seems that no one wants to talk about it, or acknowledge its existence, but the elephant in the room is the continuing and constant growth of ransomware (malicious software designed to deny access to a computer system or data until a ransom is paid).
One of our partner companies, Datto, produces a fantastic yearly report on the global state of ransomware as reported by over 2400 managed service providers (MSPs) around the world. The report is filed with excellent information in a very readable format. You can download the whole thing here.
If you don’t want to tax yourself with the whole report, below are some of the key points and main takeaways that are important to you and your business:
#1 Ransomware is a massive threat to small and mid-sized businesses (SMBs) – 79% of MSPs report clients that have been struck by ransomware.
#2 The problem is even bigger than publicly known, since less than 1 in 4 ransomware attacks are reported to the authorities.
#3 Lack of cybersecurity education is the leading cause of successful attacks, followed closely by poor user practices (users prone to social engineering tricks), and weak passwords/access management.
#4 The cost of business downtime due to an attack is far greater (about 10x greater) than the cost of the average ransom requested (with the average ransom at $4300 and the downtime costing an average of $46.8k).
#5 The leading ransomware delivery method is phishing emails (66%!), followed by malicious websites and web ads, and clickbait.
Unsurprisingly, the report also found that the most effective solution for avoiding extended downtime after an attack is business continuity and disaster recovery, allowing a victimized organization to fully recover in a much shorter time frame.
Don’t ignore the elephant in the room! Get your ducks in a row!
What can you do?
There are great options for cybersecurity education that will make you and your employees aware of the risks. These programs also teach you how to avoid being tricked by increasingly clever techniques designed to manipulate you into providing confidential or personal information. This will substantially lower your organizational risk.
Also, make sure your business continuity and disaster recovery plans and systems are in place so your downtime is minimal when you do (and you will!) get targeted by ransomware.
If you’d like more information on how to protect yourself from this threat, reach out today.