Ransomware attacks cost businesses £71m in downtime between 2017-2018
Ransomware attacks can cause small and medium-sized businesses significant financial harm, downtime and reputational damage, according to a new report.
Datto Inc's State of the Channel Ransomware Report says that in 2016/2017 ransomware cost European SMBs (small and medium-sized businesses) GBP71 million in downtime-related costs, with the average ransom demand being between GBP350 and GBP1,407. Responses were gathered from Datto's channel partner community of 150 managed service providers (MSPs) serving more than one million SMBs across Europe. The report also reveals that:
- Paying ransoms is still viewed as the least bad option by some, with 21% of businesses handing over cash and 18% of those still not regaining access to data
- 11% of MSPs reported that a ransomware virus remained on the client's system after the first attack and struck again later
- Despite the increasing frequency of attacks, fewer than 33% are reported to authorities
- 78% of MSPs reported that clients experienced 'business-threatening' downtime
- A lack of cybersecurity training (45%) and phishing emails (42%) are cited as the leading causes of ransomware attacks
- 54% of MSPs reported that clients without a reliable backup and disaster recovery plan couldn't make a full recovery after an attack, while 93% revealed that those that had one were able to do so
"Defending against ransomware requires a multi-layered cybersecurity strategy," said Mark Banfield, SVP at Datto. "No single defence is enough, as proven by the number of attacks despite antivirus [software] being in place.
Cybersecurity training needs to be combined with malware blockers and detectors, with a reliable [backup and disaster recovery solution] providing the last line of defence. "It's also alarming that a lack of cybersecurity training is cited as a reason for ransomware's growing effectiveness," continued Banfield. "Many SMBs take their chances by not even providing basic training, but this simply increases the chances of phishing emails and other social engineering attacks being successful. Businesses must teach employees to identify the red flags.
"When SMBs take regular snapshots of networks, they are able to simply spin up systems from a healthy point should a ransomware attack take hold. Critically, this mitigates having to pay the ransom and the downtime suffered from not having access to critical data."
Free Download: Security sector insights in the age of terror and the cyber-attack
This round-up of articles, which distills several presentations from IFSEC 2017 to their key tips and insights, focuses on counter-terror and cybersecurity - especially regarding physical security
systems - as well as drones, access control trends and CCTV procurement.
Jemez Technology joins Arecont's partner programme
Inner Range's Integriti V18 update adds licence plate credentials and application-layer high availability