Every company is vulnerable to cybercriminals – especially SMBs because their infrastructure is usually less secure. Use data backup as part of your security strategy against ransomware.
Cybercriminals want to hold your information for ransom. And they are coming after your small to medium sized business because your networks are usually less secure than larger businesses.
Don't just take my word for it.
The FBI estimates that the “ransomware industry” was worth $1 billion in 2016. That number is expected to grow in 2017.
“I just work at a small company – just 20 people. We don't have anything worth a hacker's time,” you might be thinking. Osterman research¹ reveals that 80% of “organizations have been the victim of a cyber attack during the past 12 months and nearly 50% have been the victim of a ransomware attack.” And note that ransomware attacks are generally under-reported.
While it's the major attacks like the WannaCry ransomware virus that hit the UK's National Institutes of Health and other major companies that are covered on the nightly news, the average ransom demand is just over $1,000. That means they're coming after you.
There is one tactic to avert most of the harm of a ransomware attack (and it's something every business should be doing anyway: backing up your data.
But first, what is ransomware?
Ransomware? What's That?
Here's the Wikipedia definition:
“A computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.”
In short, it's a virus – usually entering your system via an email phishing attack – that locks your data and will delete that data unless a ransom is paid (and often even when a ransom is paid).
A recent article in The Atlantic discussed ransomware. Here are a few eye-opening statistics for you:
The company’s (Datto) survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.
The company arrived at this figure based on an estimate from the Aberdeen Group, a consultancy, that an hour of inactivity costs small companies an average of $8,581 per hour.
Can you afford to take that kind of financial hit?
The affects of ransomware linger. FedEx's TNT unit continues to rely on manual processes for operations weeks after the NotPetya attacks as the company goes through the ransomware recovery process (Source: TechTarget).
Data Backup to the Rescue
Now of course, you still need to implement a security strategy including your network and even your copier hard drives.
That said, a properly planned and implemented data backup strategy can reduce a ransomware demand from a potential business-killer to a nuisance. Data backup will allow you to ignore the ransom note and restore your data from backup.
Depending on backup frequency, there may be some lost data, but that's better than paying a ransom (and many cybercriminals demand a second ransom even after an initial payment; especially if they discover that the information is critical to your business continuity – there is no honor among thieves).
Not only with data backup protect you from being held for ransom, it's something every business should do anyway.
Take the first step; find out how exposed you are to ransomware (or other cyber attacks) with a no-obligation Technology Assessment.
¹Osterman Research – Understanding the Depth of the Global Ransomware Problem.
