Some 75% of SMBs polled in a CyberCatch survey said they’d be able to survive only three to seven days following a ransomware attack.

A successful ransomware attack can devastate any size organization. But small- and mid-sized businesses are often more vulnerable as they have more limited financial and technical resources to help them recover. A new report from cybersecurity provider CyberCatch reveals why SMBs may not be able to withstand an attack and offers advice on how they can better protect themselves.
The report is based on a survey sponsored by CyberCatch and conducted independently by market insights company Momentive. Designed to question SMBs about their susceptibility and resiliency to a ransomware attack, the survey collected responses from 1,200 small- and medium-sized businesses in the U.S. and Canada. The respondents worked for organizations with fewer than 500 employees, both for-profit and not-for-profit.
Among those surveyed, 30% said that they don’t have a written incident response plan to respond to cyberthreats such as a ransomware attack. Among those that do have this type of plan, 35% last tested it more than six months ago. Some 20% of the respondents said they don’t have offline backups of critical data that could be encrypted in an attack. And 34% said they don’t give employees phishing tests to determine their exposure to risk.
Consequently, a full 75% of the respondents said their company would survive only three to seven days following a successful ransomware attack. Breaking that down, 47% would survive for only three days, while 28% would survive for up to seven days.
The results also varied by industry and sector. As examples, 50% of law firms, 42% of insurance brokers, 37% of non-profit organizations and 27% of retail companies lack a written incident response plan. Further, 83% of law firms, 84% of insurance brokers, 72% of non-profit organizations and 70% of retail companies said they would survive only three to seven days after a ransomware attack.
“Ransomware is an existential threat to SMBs who are a critical part of the supply chain,” said CyberCatch founder and CEO Sai Huda. “Foreign adversaries and criminal gangs will increasingly attack SMBs with ransomware to not only extort ransom payments but also use as the entry point upstream to the eventual target, a large company, critical infrastructure, government agency, healthcare organization or other high value target.”
To help SMBs better protect themselves from a ransomware attack, CyberCatch offers the following seven tips: