Ransomware is an epidemic, laments Hatem Naguib, senior vice president and general manager of Security at Barracuda Networks.
On the plus side, the vast majority of organizations (92 percent) that were recently surveyed by Barracuda are worried that ransomware may strike. However, at concern doesn't necessarily translate into prevention.
Nearly half of those polled (47 percent) admitted to having fallen victim to ransomware. Of those, 59 percent could not find the source of the attack. Among those who could identify the source, 76 percent attributed it to email.
And businesses are finding little solace in the cloud. Seventy percent said that Microsoft Office 365, the software giant's popular cloud-enabled productivity software suite, doesn't do enough to protected them from ransomware.
Barracuda drew its findings from the responses of over 1,000 organizations across Europe, the Middle East and Africa (EMEA), along with the Americas. They varied in size from one to 10,000 employees, with the largest percentage of responses (18.1 percent) gathered from midsized businesses with 100 to 250 workers.
Despite this, Barracuda's study holds valuable lessons for all small and midsized businesses (SMBs).
SMBs in the Crosshairs
"Today, small businesses are very lucrative targets. Typically, they are more financially attractive than a consumer, yet also do not have the resources or protections in place like a large enterprise might, making them the perfect target for an attack," Naguib told Small Business Computing.
Attackers are also getting craftier, he warned. In the hopes of a big payday, attackers are using targeted approaches that sneak past typical security products. Naguib noted that "attacks have become more sophisticated and highly personalized, many of which bypass traditional gateway defenses because they do not always contain things like malicious links or files. Simply put, these attacks are personal."
While it may seem like a lot of work to ensnare SMBs, attackers are more than willing to make the effort.
"A company, of any size, shouldn't assume it is immune to ransomware. The question is not - if you've been hit, but more likely, do you know yet if you've been hit," Naguib said.
Cybercriminals have a good reason to target SMBs for the simple reason that a lot of smaller victims with access to cash, that are also desperate to get their business data back, can add up to a nice chunk of change.
In 2015, consumers and victim organizations paid $24 million in ransom, according to a study from Canadian cybersecurity specialist Herjavec Group. Last year, that figure skyrocketed to an estimated $1 billion worldwide.
Luckily, there are ways to keep ransomware at bay and prevent your company from contributing to 2017's tally.
"SMBs need to stay vigilant in keeping up their security defenses, the best of which still include a combination of people and technology. First, training employees on the importance of staying aware is no longer a nice to have, but [is] a critical piece of any security strategy," said Naguib. He encourages businesses to provide refreshers on the dangers of clicking links contained in phishing emails and unsolicited attachments.
"But even the most well-trained employees will inevitably make a mistake, so it's critical to put in key security protections – especially for email, the most common entry point for ransomware," Naguib added.
It's also crucial that SMBs backup their data religiously. If and when ransomware strikes, companies with a solid backup and recovery plan are in a much better position to recover the files that were encrypted by the malware and get back to work quickly.