Datto have released their annual Global State of the Channel Ransomware Report for 2020. They have interviewed more than 1000 managed service providers (MSPs) around the world. The report gives details on the state of ransomware from the perspective of the professionals responsible for managing small and medium-sized business (SMB) IT systems. Here are some of the key findings:
COVID-19 and remote working
The number of ransomware attacks has increased during COVID-19, largely precipitated by people working from home, using personal computers that are not secure and are possibly being shared by an entire family who do not follow the best security practices.
Business owners do not see the threats
An interesting statistic in the report is that, while 84% of MSPs believe that SMBs should be very concerned about ransomware, only 30% of SMBs are concerned. The SMB figure was even lower in Europe, at 19%. This indicates a problem regarding awareness within SMBs of the threats. That said, 50% of MSPs report that their clients’ security budget had increased in 2020, most likely because of the COVID-19 pandemic and the increase in home working.
Ransomware is becoming more evasive
MSPs report that ransomware is becoming better at evading detection, with 50% of MSPs stating that it got through all security defences. This is largely because cybercriminals use a slightly modified version of their ransomware for each attack so that it avoids detection. Using a multi-layered approach to cybersecurity is more likely to prevent an attack than just using a single solution.
SMBs must assume that it is a case of, not if, but when you will be attacked, and prepare for that eventuality.
Having a defensive in-depth approach, encompassing cybersecurity tools, business continuity and disaster recovery (BCDR) solutions, incident response planning and user awareness training, will give you the best chance of avoiding an attack, and recovering from an attack when it happens.
Phishing is the number one cause of ransomware attacks
54% of MSPs reported that phishing emails were the leading cause of ransomware attacks amongst their clients. Using security solutions to detect and block phishing emails is important, but not as important as educating your users on how to recognise and report suspected phishing emails.
Quick recovery minimises impact
Ransomware attacks can have a massive impact on a business’ ability to operate. The biggest consequence of a ransomware attack is the loss of productivity caused by downtime. Having the ability to quickly recover from an attack is key to minimising the impact. Clients with BCDR solutions and plans are far less likely to experience significant downtime. 91% of MSPs said clients with BCDR were able to recover from a ransomware attack very quickly.
The reputational damage caused by an attack cannot be understated. If your customers think you are not taking care of their data, are they likely to go elsewhere?
Ransomware is not going away. In fact, each year the numbers increase. This is because it is very profitable for cybercriminals. While they are able to extort money from their victims, they have a business model that is profitable, and they will continue.
While paying the ransom should never be completely discounted in your incident response plan, it is a risky approach as there is no guarantee that the cybercriminals can be trusted to complete their side of the bargain. Plus, paying cybercriminals only perpetuates the problem.
The best way to protect your business from ransomware is to have a layered approach which comprises cybersecurity awareness training, incident response, cybersecurity tools, and a BCDR solution.
If you are interested in understanding how we can help you to protect your business from ransomware please click this link to arrange a call. We’d be delighted to discuss this with you.