Crime & Crime Again: Are Most SMBs Still Unprepared for Cyberattacks?

As more small and medium sized businesses (SMBs) begin to take advantage of the cloud, invest in information technology, and recognize the importance of their data and online presence, they also increase security risk. So what does the average business leader do to address threats and prevent disasters? If only 38% of small businesses are highly concerned about ransomware, then they might not be doing much to build up defenses for other types of malware. Cyberattacks can occur in any industry, to any system, and through any device. The fight against them begins with awareness and education, but that’s only one of the many crucial steps SMBs must take.

Recent survey findings from managed service providers (MSPs) around the world tell a terrifying tale that today’s small and medium sized businesses really need to hear. Here’s hoping that the trends among more than 1,700 MSPs will convince you to rethink your company’s data security efforts – before it’s too late.

Attacks Occur More Often Than You’d Think

A recent report showed that 86% of surveyed MSPs said their small business clients were victimized by ransomware in the last two years, with 26% suffering multiple cyberattacks in a single day.1

Data also showed that while many businesses take action by reporting incidents to the authorities, a majority go unreported, which continues to embolden hackers and contribute to future attacks. What may begin to discourage hackers, however, is the fact that fewer SMBs are paying up; only 35% of MSPs said their clients pay ransoms even though 15% of businesses never actually recover their data.1 Refusing to cooperate in ransomware situations can be a viable solution for businesses that have backup and recovery systems in place to restore data on their own with minimal repercussions.

Industries targeted most by ransomware attacks include construction, manufacturing, healthcare, professional services and finance.1

Have you heard of WannaCry? Cybercriminals are developing new variants of ransomware daily, including strains like Locky, NotPetya, and Bad Rabbit that wreak havoc on critical business functions. IT professionals expect the number of ransomware attacks to steadily climb over the next few years, so operating off of the assumption that your business isn’t likely to be affected is not a smart decision. Other cyberattacks can come in the form of email campaigns, exploit kits, malvertising, mobile apps, and social media phishing.

Ransoms Are the Least of Victims’ Problems

In 2016, cybersecurity specialists found that one business was attacked every 40 seconds by ransomware. But when these events occur, the ransom requests themselves are often not the biggest issue faced by victims. Requests typically range from $500 to $2,000 and from Q2 2016 to Q2 2017, SMBs shelled out $301 million in ransom. Though surprising sums, they don’t take into account the total disruption caused and the possible aftereffects.

When unprepared, affected businesses can say goodbye to large amounts of money, time, and energy due to downtime, data and device loss, and ongoing restoration efforts. Business leaders are doing themselves a disservice when they choose reaction instead of preventative action when it comes to IT management decisions and staff education.

Running a business without a managed service provider to proactively address threats is only part of the problem; MSPs themselves say a leading cause of their clients’ ransomware infections is a lack of mandatory cybersecurity training. Overcoming disasters requires a multifaceted approach to data security.

Here’s How SMBs Should Prepare for 2018

Not having the time or budget to reassess your data security efforts in preparation for cyber threats in 2018 is not an excuse. There are many experienced IT partners that can handle any or all of your company’s security measures, many of which offer products and managed services within your company’s budget requirements. Here’s what you need to think about when planning for the year ahead:

  • Designate an IT security leader or team that can provide 24/7 monitoring and protection measures
  • Implement data backup and security systems that protect information most critical for business operations
  • Create a disaster recovery plan to handle disaster impact in the best way possible and establish tangible recovery plans and timelines
  • Take time to educate your employees about cybersecurity and why they are the first line of defense against attacks

Are you leaving your data up for grabs? Hackers can infiltrate weak IT environments, but human error and disaster can also devastate a business just as equally. See how you stack up against modern data security recommendations by taking our Data Vulnerability Quiz below. This brief series of questions will give you a better sense of your current security risk so you can start improving your company’s data protection measures today.


  1.      Kaspersky Security Bulletin 2016, Kaspersky Lab
No Comments

Post A Comment