Ryan Weeks, Chief Information Security Officer at Datto, warns businesses to toughen their defences now before it is too late…
In the current global health crisis, unprecedented numbers of organisations are letting staff work from home. This switch has been necessary to comply with social distancing measures, but it has prompted new cybersecurity concerns.
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) recently issued a warning that the Coronavirus pandemic is being exploited by malicious cyber actors. Businesses must stay alert to emerging threats or risk falling victim to an attack. This is particularly true for ransomware, still the most common threat to small and medium-sized enterprises (SMEs).
Recent research by Datto amongst over 150 European managed service providers (MSPs) highlights the extent to which ransomware affects businesses, and the impact it can have is bigger than ever before. According to the survey, almost two thirds (61%) of MSPs reported ransomware campaigns against their clients in the first half of 2019 alone. Roughly two in five SMEs were affected; some of them even suffered several attacks in a single day.
While ransomware attacks are becoming more frequent, the average ransom demanded by cybercriminals has also increased and, according to the same survey, currently stands at around £2,000. Paying the ransom, of course, is never recommended and is no guarantee that the attacker will restore the encrypted data.
The truth is that most ransomware attacks will result in downtime and IT system outages. It is often this aftermath of an attack that does the biggest damage: The Datto research revealed that costs related to ransomware attacks now amount to an average £108,000 per incident – which is 54 times more than the ransom requested. At the same time, business downtime caused by ransomware has grown by as much as 300%.
The impact on small businesses can be devastating, with over half of surveyed MSPs believing that ransomware attacks have the potential to take entire companies out of business. In line with this, one in five SMEs reported that ransomware had damaged their reputation. More than 50% saw a dip in business productivity after being attacked, alongside decreased client profitability. Worse still, the effects of ransomware could be felt long term: In around a third of attacks, the infection spread to other devices within the network – sometimes striking for a second time.
Putting in place the right defences
The good news is that with regular backups and the right expertise, IT systems and data can be restored during a ransomware incident. However, the ability to do this – and the speed of the recovery – heavily depends on the quality and consistency of backups. MSPs often have to follow a whole range of processes to repair their clients’ IT environments after an attack. This includes reimaging servers, virtualising systems from a backup image and running clean-up software.
The most important strategy for minimising damage caused by ransomware is to be prepared. This is why every organisation should have a robust, step-by-step remediation plan that clearly outlines everyone’s responsibilities in the event of an attack.
Take the ransomware threat seriously. Datto’s research found that while 82% of MSPs are ‘very concerned’ about ransomware, only 8% reported that their clients felt the same – implying that some SMEs don’t fully appreciate their risk level. Remember that no matter how small, no business is immune to an attack.
Beware of phishing. Phishing emails are still the starting point for nearly two thirds of successful ransomware attacks. Other risk factors according to the survey are weak passwords, poor access management and gaps in security training. So make sure users have a good understanding of security risks and best practices. All employees should receive regular security training.
Implement two-factor authentication. Strong identity and access management is the best defence against intruders. Ensure strong patching practices. To fix any known software vulnerabilities, make it a number one priority to install software patches as soon as they are released.
Don’t rely only on your antivirus software. Yes, antivirus, email filters and endpoint detection are essential elements of any security strategy, but successful attacks have proven that on their own, they don’t provide adequate ransomware protection. You need additional measures – such as a strong continuity and disaster recovery (BCDR) strategy.
Install a reliable BCDR solution. Taking regular system backups is one of the best defences against ransomware. When planning your BCDR strategy, focus on how to minimise downtime and restart operations during an attack.
Protect your cloud data. Ransomware is designed to spread across networks and applications – and your cloud is at risk. Around one in five MSPs reported ransomware attacks on SaaS applications such as Dropbox and Office 365, so use endpoint and SaaS backup solutions that allow fast recovery.
Find a strong MSP partner. According to Strategy Analytics, SMEs who don’t outsource their IT are at bigger risk from attacks. Unless you can employ qualified in-house staff for 24/7 cybersecurity monitoring, engage an MSP who has the resources to do the monitoring for you. Remember that MSPs can also be targeted by attackers, so select carefully and make sure your chosen partner has appropriate insurance.
One thing is clear, the ransomware threat is not going away any time soon. Internet of Things (IoT) devices and social media accounts will likely become new targets of future campaigns. Be prepared and toughen your defences now before it is too late.
For more security-themed articles, click here
PCR’s 30 Under 30 list 2020: Nominate yourself or a colleague now! All details here.
Read the latest edition of PCR’s monthly magazine below: