Why Canadian SMBs are threatened by ransomware and other malware attacks
You do have to hand it to the cyber attackers: ransomware are a pretty clever approach. Which is what makes it such a dangerous threat for business owners. Especially small businesses. And if that surprises you, you’re not alone: it makes sense to think that big enterprises would be the jackpot targets for attackers to go after. However, if you dig a little deeper into the nature of ransomware attacks, you start to see why small businesses make the better targets. Let’s take a look at three big reasons why attackers will target small and midsize businesses with ransomware attacks.
More targets. More success.
Think about it from the perspective of a cyber attacker. You have two options. Option one: do research on a bunch of companies to see who’s going to be a profitable target, then launch a malware attack to scrape or remotely access their system, and after all that, go through all the files to find what’s useful to you. Option two: target a number of businesses at random and know for certain that it’s going to pay off, without even having to look through their files. Ransomware is becoming more popular for one very simple reason: it’s easy, it’s fast, and it’s often successful. It doesn’t matter where you’re located or what you do – any small business that relies on accessing their files or services (so… most businesses) is the perfect target for a ransomware attack.
You’re makin’ it easy
While most companies will say that they’re concerned about cyber threats and security, many are doing it half-heartedly, relying on just one line of defence, when they should be looking at a multi-tiered approach1. Another study showed that less than half of employees surveyed reported their companies updated their security software regularly. And with threats and malware evolving quickly, outdated software is a huge risk for your business2. An area frequently exploited by ransomware attacks: weak passwords. One of the biggest ransomware threats to come out in the past few years, a program called SamSam, entered systems by using tools that would try a variety of login attempts as quickly as possible. And it would often succeed when the victim’s password was weak and easily guessed. So it turns out, weak passwords are a huge area of opportunity for attackers. Attackers target small and medium-size businesses because they know there’s a greater chance they’re more relaxed on security. If you want to lessen their chances of success against your defences, take a look at our Top 5 cybersecurity tips for small businesses.
Remember that one piece of ransomware we mentioned above? SamSam? From late 2015 to 2018, the creator(s) collected an approximate $6 million (USD) using this one ransomware3. So saying that ransomware attacks are a pretty profitable business for hackers is an understatement at best. And they don’t have to squeeze large corporations for millions of dollars in one go. Almost any business will pay to regain access to files or services that they’ve been locked out of, because business relies on them. In one survey, 61% of respondents said that their business could only continue to function for up to a few days without access to their digital files or network – and with that 61%, over half of them thought that the business wouldn’t be able to function after just a few hours4.
Ransomware attacks exploit this very real issue because they know you’ll put a high price on keeping your business moving. In that same survey, of businesses that had experienced some sort of cyber attack in 2016, a quarter of them lost money from paying to regain access to their files, hardware or network5. So what can you do to avoid being among those countless small businesses that have lined the pockets of ransomware attackers? In addition to frontline security protocols, your best bet is to take backups seriously. Always have a backup of your files that you can access even if your system has been hacked. A managed, cloud-based backup system that automatically backs up your files for you will make sure that you’re prepared and have access to files even if your original documents are blocked by ransomware.
Here’s the good news:
You’re armed with knowledge now, which already lowers your risk of being counted among the growing number of small businesses that are hurt by ransomware attacks every year. But here’s the catch: that knowledge is only as good as the actions you implement because of it. Fortunately, with so many tools at your disposal, you can have a layered security system that can help prevent attacks and help you recover from them in the event that they do get through your security system.