Rising Ransomware Attacks: How to Protect Your Small Business
An estimated half to three-quarters of ransomware attacks target small and medium-sized businesses.
These numbers are alarming when of small businesses aren't prepared to handle a cyber attack as they don't think they'll become a victim, according to Secretary of Homeland Security Alejandro N. Mayorkas during a webinar hosted in May by the U.S. Chamber of Commerce.
Mayorkas shared that the overall rate of such attacks increased by more than 300 percent compared to the year prior.
鈥淪mall businesses comprise the backbone of our nation's economy, and it is perhaps for that very reason that individuals who seek to pose a threat to our nation 鈥 who employ cyber tools (like) ransomware as the vehicle for realizing that threat 鈥 target small businesses as extensively as they do,鈥 Mayorkas said.
( is malware that aims to encrypt files on a device, causing any files and systems that rely on them to become useless. Essentially a hostage situation, hackers demand that businesses pay a ransom if they want their information or data returned.)
Businesses Forced to Adapt Quickly; Now Vulnerable
Small businesses have had to adapt quickly, rushing to change their operations to accommodate the current environment, such as turning to remote work and expanding their e-commerce abilities. Subsequently, it has increased their likelihood of experiencing cybercrimes such as ransomware and phishing attacks.
Hiscox, an international insurance provider, released a report in May that stated that nearly of small businesses experienced a cyber attack at least once over the past year 鈥 accumulating an average annual cost of about $25,000.
"With 63% of the small business workforce now working remotely, over half (53%) of U.S. small businesses believe they are more vulnerable to cyber attacks." 鈥 Hiscox, .
That number trended higher in a U.S. Small Business Administration (SBA) survey, where of small business owners thought they were vulnerable to a cyber attack. On top of feeling helpless, small businesses lack the funds and I.T. resources to devote to securing their data and networks.
Some Small Businesses Remain Skeptical
Even with the uptick in ransomware and phishing reports, many small businesses remain skeptical of the likelihood of a cyber attack. Unfortunately, it is because that they鈥檙e so small that makes them appealing to hackers.
"Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses," according to the SBA's .
More than 40 percent of all fraud and breach reports involve small to medium-sized businesses, according to .
The report cites the following reasons as to why small businesses are attractive targets for cybercriminals:
- It's easier to identify security weaknesses in their network.
- The payoff is substantial as it likely results in ransom payments, stolen credit card information, or bank account numbers, enabling hackers to funnel cash quickly.
- Large corporations and government agencies pose an increased risk as they invest millions of dollars in sophisticated technological defenses.
鈥淪MEs face most of the same threats,鈥 the report states. 鈥淗owever, most SMEs don't have the means to make anywhere near the investment required to implement comprehensive protection, leaving significant risk uncovered.鈥
Protecting Your Business from Ransomware Attacks
The steep rise in cybercrimes, particularly ransomware attacks, has made it clear why cyber readiness is critical.
According to the U.S. Cybersecurity & Infrastructure Security Agency's , best practices that may help manage the risk from a ransomware or phishing attack include:
- Frequent Data Backups. Remember to maintain encrypted backups of your data offline and test regularly. The critical aspect of keeping and preserving backups offline is that it reduces the chances of a ransomware variant zeroing in and deleting accessible backups. If you maintain offline backups that are current, then there's no need to succumb to hackers' ransom demands.
- Create a plan. Develop and maintain a "basic cyber incident response plan" that outlines communications, including the response and notification processes following an incident. Check out this within the guide to ensure you're covering all your bases.
- Implement a training program. A cybersecurity awareness and training program that incorporates guidance on identifying and reporting suspicious activities will help small businesses strengthen their defenses against phishing attacks.
What resources do you use for your small business to make yourself less of a target by hackers?