Ransomware attacks are on the rise, and the criminals behind them are constantly refining their tactics. Business leaders need to recognise that those tactics include disrupting critical business operations across every industry vertical and in businesses of every size, including small to midsize enterprises (SMEs).
Most of the recent headline-making ransomware attacks have hit larger organisations, which are more likely to be financially able to meet exceedingly large ransom demands. The findings around the targeting of smaller businesses with fewer resources therefore raise the question of why ransomware operators go after SMEs in the first place.
The frequency and severity of successful ransomware attacks have a tremendous impact on victim organisations and their ability to conduct business. This was highlighted in a recent Cybereason report titled Ransomware: The True Cost to Business.
A Case of Misplaced Confidence
One of the central drivers of SMEs’ vulnerability to ransomware is misplaced confidence on the part of the organisations themselves. The US National Cyber Security Alliance got it right when it said that at least some SMEs simply think they are too small to be of interest to attackers.
In a 2019 survey covered by CSO, for instance, 18% of SME decision-makers said that digital security was their lowest priority. Two-thirds of respondents justified this stance by saying that a ransomware attack against them was unlikely, even though 67% of the SMEs surveyed had already suffered one.
Such overconfidence creates a culture in which a weak security posture and poor security hygiene actually make SMEs more attractive to ransomware attackers. Returning to the Cybereason study, a significant number of SMEs indicated that they have neither a specific plan nor people with the right skill sets in place to address the risk posed by a ransomware attack.
A Ransomware Reality Check for SMEs
Many SMEs are also less concerned about ransomware because they feel their information is less valuable than that of larger organisations. That is simply not true: if it were, attackers would see no financial incentive to target SMEs at all.
In fact, the 2021 Verizon Data Breach Investigations Report (DBIR) confirmed that financial gain was the central motive for threat actors targeting organisations both small (fewer than 1,000 employees) and large (more than 1,000 employees).
Notwithstanding those findings, plenty of SMEs still fail to put in place the essential security measures that could stop ransomware and other attacks from succeeding. About half of the SMEs who participated in the Cybereason study indicated they had no endpoint protection or antivirus solution deployed on their systems, even though such solutions are readily available and are not cost-prohibitive for smaller organisations, especially when compared with ransom demands averaging between $350,000 and $1.4 million.
The notion that an organisation can simply pay the ransom and easily regain access to its systems and data, instead of investing in more robust security to prevent the attack in the first place, is equally uninformed, as is the idea that cyber insurance will cover the aggregate losses following an attack.
Of the organisations that were victims of a ransomware attack and opted to pay the ransom in exchange for a decryption tool, nearly half reported that some or all of their data was corrupted during the recovery process.
And of the respondents who suffered ransomware attacks and had cyber insurance, about half indicated that their policies covered only a portion of the costs, or none at all. The costs of a successful ransomware attack typically include lost revenue, damage to the organisation’s brand, unplanned workforce reductions, closure of the business for a period or permanently, and more.
“It Does Not Pay to Pay Ransomware Attackers”
These findings underscore why it does not pay to pay ransomware attackers, and why businesses should focus on early detection and prevention to stop ransomware attacks at the earliest stages, before critical systems and data are put in jeopardy.
Ransomware remains a major concern for businesses across the globe, often causing massive disruption, including lost income and the loss of valuable staff as a direct result. Paying a ransom does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks.
Getting in front of the threat with a prevention-first strategy built on early detection allows businesses to stop disruptive ransomware before it can hurt the business.