Is your company too small to be hit by ransomware? Don't believe it

While many say ransomware is a serious threat, others believe they're too small to be targeted. They're wrong.
Written by Danny Palmer, Senior Writer

Your business is never too small to be hit by ransomware.

Image: Getty Images/iStockphoto

Ransomware could potentially lead to the downfall of a small to medium-sized organisation, but few believe they're equipped to handle it if their network is infected with malicious file-encrypting software.

Ransomware has boomed in the last year, with cybercrminals exploiting it to nefariously rake in more than $1 billion. There were numerous high-profile incidents of large organisations falling victim to ransomware, including the Hollywood Hospital which paid a $17,000 ransom to have its systems restored.

However it isn't just big businesses which cyber-fraudsters are targeting; smaller organisations are in the crosshairs too. But research by Carbonite and the Ponemon Institute suggests small and medium-sized businesses are often unaware they could be a target for ransomware, meaning they often don't have a plan for if they become victims.

According to the newly released Rise of Ransomware report, many SMEs understand the threat of ransomware, with 66 percent of respondents surveyed saying they believe the threat of ransomware as "very serious" while 68 percent said their company is "vulnerable" or "very vulnerable" to ransomware attacks.

However, while many SMEs appear to understand the threat of ransomware, that isn't translating into action, with over half of organisations surveyed under the impression that they're too small to be a target. It's because of this misplaced confidence in not being targeted that just 13 percent of those surveyed rate their company's preparedness to prevent ransomware as "high".

The main problem faced by SMES is that they just don't have the appropriate technology to detect and prevent ransomware cyberattacks in place. Only 27 percent of SMEs queried are confident that their current antivirus software will protect their network from a ransomware attack, while a further 44 percent say that ransomware has previously bypassed their protections.

The immediate consequences of an SME falling victim to a ransomware attack is that they pay a ransom, with Ponemon's figures suggesting that 48 percent of those falling victim end up paid an average ransom of $2,500 to cybercriminals in order to restore their systems.

But the consequences don't end there. Those businesses which have fallen victim continue to lose money. Thus is not only due to the downtime caused by the cyberattack, but also because of lost customers and the need to invest in new technologies to prevent further attacks.

One of the key ways to avoid falling victim to a ransomware attack is by training employees to recognise threats such as phishing and social media manipulation to such an extent they'll be able to spot the signs of a malicious attack without falling victim.

However, just 29 percent of SMEs believe are confident their employees can detect risky links or sites that could result in a ransomware attack. That needs to change if they're ever going to reduce the risk of becoming victim.

"Ransomware will continue to outpace the rate at which businesses can defend against it," said Norman Guadagno, chief evangelist at Carbonite. "Now is the time to act: educate staff on simple measures to avoid an attack and update your data protection measures now, before it's too late."

This study was conducted by Ponemon Institute on behalf of Carbonite among 618 individuals in small to midsized organisations in the US who have responsibility for containing ransomware infections.

Read more on cybercrime

Editorial standards