Ransomware is the most significant cyber threat to SMBs

null

Ransomware continues to be the leading cyberattack method experienced by small-to-medium sized businesses (SMBs) according to new research from Datto Inc.

The firm surveyed 2,400 managed service providers (MSPs) that support the IT needs of nearly half a million SMBs worldwide.

Datto found that revenue lost to downtime can cripple a small business with the average attack being 10 times more costly to the business than the ransom itself costing a business $46,800 on average and the ransom requesting around $4,300 per attack.

Attacks are also more frequent and are expected to increase. More than 55 per cent of MSPs stated their clients experienced a ransomware attack in the first six months of 2018. 

Additionally 35 per cent said their clients were attacked multiple times in the same day and 92 per cent of MSPs predict the number of attacks will continue at the current rate or higher.

Ransomware attacks

Datto also discovered that antivirus software solutions are ineffective against ransomware with 85 per cent of MSPs reporting that ransomware victims had antivirus software installed on their devices. 65 per cent of reported victims also had email and spam filters installed while 29 per cent reported victims had pop-up blockers that failed to block ransomware attacks.

Apple's devices are known for being less susceptible to cyberattacks but Datto's research highlighted the fact that there was a fivefold increase in the number of MSPs reporting ransomware attacks on macOS and iOS platforms over the last year.

Chief Information Security Officer at Datto, Ryan Weeks explained that businesses must prepare for the eventuality of a ransomware attack, saying:

“It’s time to think differently--businesses large and small, should plan for a ransomware attack. That way they are equipped to respond when it happens. There are immediate steps that companies can and should take to increase IT resilience and prevent against future attacks. Integral to those steps include end-user training, endpoint protection, and an intelligent backup.”