Ransomware cyberattacks continue to plague businesses large and small to such a degree that they have prompted an open letter from the White House. Yet a recent survey of small business owners shows that only half of surveyed businesses feel prepared to respond in a timely manner to limit the impact of a cyber security incident, and just 58% have a response plan that is ready for immediate action.
As larger companies beef up their cyber security and cyber threat action plans, more small businesses are finding themselves under attack. In fact, 43% of cyber-attacks are thought to be against businesses with fewer than 250 employees, an increase of 424% since last year, demonstrating that being “too small” is not a defense against a cyber-attack and that small businesses may even be targeted because they give cyber security a low priority.
Ransomware attacks tend to be some of the most crippling forms of cyber attack, as they can immediately bring a company to a halt by restricting access to important data or systems. Cybercriminals then hold the data or system hostage, demanding a ransom to return access to the victim and/or to prevent the data being leaked – making these attacks more damaging and costly. Ransom payment demands are high, but so are the costs of a data breach, which include reputational damage, regulatory fines, dilution of trade secrets, and class action lawsuits. Not to mention the cost of lost income or production while backup files and systems are being restored – a process that can take days or weeks to complete.
However, even compliance with the ransom demands will not prevent the cybercriminal from sharing sensitive data or selling it for future extortion.
Ransomware statistics worth knowing¹
- $377,000 is the average cost of a single ransomware attack
- The global cost of ransomware attacks has increased by 73.9% since 2019 and 150% since 2018.
- The average ransomware demand is $84,116
- Business disruption is the main objective of 36% of cyberattacks
- 1 in 5 ransomware victims are small businesses
What can you do about it?
Cyber-attacks are a frightening reality, and 100% protection is impossible. However, there are ways to lower your chance of attack and mitigate damage.
- Train employees in cyber security principles:
  - Identifying phishing scams
  - Not plugging in unknown devices such as USB keys
- Make sure firewalls and routers are secure and kept up to date
- Conduct frequent data backups
- Download and install updates to software and operating systems as they become available
- Use multifactor authentication (MFA)
- Encrypt sensitive data
- Limit employee ability to install software
- Create and implement an effective incident response plan
- Regularly change passwords and have a strong password policy
  - Each login password should be unique.
  - It is also recommended that passwords be complex and between 15 and 20 characters long.
  - Due to the complexity of memorizing multiple complex passwords, you may want to investigate using a password manager.
- Keep critical networks separated and segmented and restrict access.
- Make sure you are covered by a cyber liability insurance policy!