Datto, Inc. has announced the findings of its third annual Global State of the Channel Ransomware Report, which found that ransomware, a kind of malicious software that threatens to make business data inaccessible until a ransom is paid, continues to be the leading cyber-attack experienced by SMEs.
The report surveyed 2400 managed service providers (MSPs) that support the IT needs of nearly half a million SMEs around the globe. The survey also revealed the powerful impact these attacks have on businesses, including that:
“The number one threat for small business CEOs is thinking they are immune to ransomware attacks,” said Michael Drake, CEO of masterIT, an MSP in Memphis, Tennessee who has helped clients recover from ransomware attacks. “They think they don’t have anything the hackers want, so it’s not worth the price to protect themselves. When something happens, they’re shocked by the cost to get everything back up and running. It’s mind-blowing.”
While the report findings alone are alarming, most businesses don’t report attacks. The survey found that less than one in four ransomware attacks are reported to the authorities.
“In the past five months alone, we’ve been contacted by companies we don’t currently work with for immediate support involving ransomware attacks,” said Jeff Howard, Founder and Owner, Networking Results, a Dallas and Fort Worth IT services and solutions provider. “Not only have ransomware attacks increased in recent years, but the problem may even be bigger than we know, as many attacks go unreported. While we encourage every victim to notify all relevant parties – including their attorneys, insurance providers, FBI, etc. – not all are quick to follow that counsel.”
“It’s time to think differently – businesses large and small should plan for a ransomware attack. That way they are equipped to respond when it happens,” said Ryan Weeks, Chief Information Security Officer at Datto. “There are immediate steps that companies can and should take to increase IT resilience and prevent against future attacks. Integral to those steps include end-user training, endpoint protection, and an intelligent backup.”
When it comes to protecting SMEs, the report also found: