A towering sum of £71 million was lost by European SMBs due to ransomware downtime between 2016 and 2017, proving that businesses of all sizes suffer the effects of cybercrime.
The problem is being perpetuated by the fact that these businesses believe the best option in terms of downtime is to pay the ransom, with 21 per cent of SMBs just handing over the money. Crucially, 18 per cent still do not regain data access.
Also adding fuel to the fire of the ransomware problem, less than 33 per cent of attacks are reported to the authorities, this is believed to be out of fear of revealing the breach.
Data protection firm, Datto Inc, is behind these findings, also noting that the average ransom request has been between £350 asnd £1407.
Mark Banfield, SVP at Datto, said: “The impact of ransomware can be threefold. The combined cost of the ransom, downtime and any reputation damage suffered can have a potentially business-threatening effect on a SMB, so there needs be a greater understanding around it. This can be helped by encouraging victims to report attacks. Providing authorities with real-life data that can be used to improve general awareness, prevention, detection and prosecution of perpetrators.”
The report also outlines the driving reasons that ransomware has been so successful, identifying that 45 per cent of respondents stated said a lack of cybersecurity training was to blame, with 42 per cent pointing to phishing emails.
“It’s also alarming that a lack of cybersecurity training is cited as a reason for ransomware’s growing effectiveness. Many SMBs take their chances by not even providing basic training, but this simply increases the chances of phishing emails and other social engineering attacks being successful. Businesses must teach employees to identify the red flags,” Banfield said.
Another important revelation made by the report is that 94 per cent of those hit by ransomware had anti-virus software in place, making it clear that legacy forms of protection are no longer viable in defence against today’s threat landscape.
“Defending against ransomware requires a multi-layered cybersecurity strategy. No single defence is enough – as proven by the number of attacks despite antivirus being in place. Cybersecurity training needs to be combined with malware blockers and detectors, with a reliable BDR providing the last line of defence. When SMBs take regular snapshots of networks, they are able to simply spin up systems from a healthy point should a ransomware attack take hold. Critically, this mitigates having to pay the ransom and the downtime suffered from not having access to critical data.”