Ransomware use has exploded over the past year or so, particularly in the UK, simply because it works and is an easy way for cyber criminals to make money. And many businesses are aware of this fact.
However, many smaller businesses wrongly assume they’re not the ‘real’ targets. A common misconception we hear regularly is that small and medium businesses (SMBs) are unattractive targets because attackers would rather spend their time going after large enterprises.
But this misconception is far from reality. If anything, SMBs can be more prone to attacks as they’re assumed to be resource-limited and have less IT-savvy employees. And we’re not just talking about your common phishing email or basic malware attack.
There’s clearly a lot of work to be done here: from our survey, 5 per cent of UK SMBs think they don’t need a cyber attack plan and 9 per cent view cyber security as a hindrance.
User education is key for preventing malware such as ransomware from entering the network. Our research shows nearly three quarters (74 per cent) of ransomware attacks entered via email, often via social engineering attacks. Phishing and spear phishing attacks continue to become more sophisticated, with even IT-savvy users being fooled.
It only takes one area of vulnerability to leave the back door open on a network. Last year’s WannaCry attack highlighted the importance of keeping up with routine patches. Small businesses tend to be slower to implement patches, making them a huge target for similar attacks.
Protection and prevention are key in the new age of sophisticated and super targeted attacks. Some organisations still have a long way to go in terms of prevention, as our study showed 30 per cent of SMBs do not have a cyber attack plan in place at all, even though smaller businesses can be seriously disrupted by an attack of this nature.
A powerful advanced threat protection strategy should enable small businesses to easily detect and prevent threats within the network. However, it is inadvisable to keep all of your eggs in the prevention basket. The reality is that unfortunately we should no longer prepare for ‘if’ we get attacked, but ‘when’.
Cyber attacks are inevitably going to get in, simply due to the volume of attackers out there and the level of sophistication they employ. Although we can do our best to keep them out, we cannot be naive enough to think we can always prevent them from getting through.
Ultimately, the key is balance. SMBs need to adopt a prevention and recovery system rather than one or the other. A sophisticated threat protection strategy will allow organisations to not only detect but also prevent threats within their networks. A reliable backup solution will then enable you to restore business-critical data so that business disruption is minimised; test the backups regularly. If you do fall victim to an attack, you can simply restore from the most recent backup set to get up and running again within minutes.