Ransomware reality is biting, so how do small businesses bite back?


Ransomware attacks have bitten a gaping hole in the pockets of businesses that are having to pay extortionate ransoms to sophisticated criminal organisations. This has only worsened with the onset of mass remote working. Right now, a new ransomware attack occurs every 11 seconds, according to Cybersecurity Ventures. To put this in context, in the five minutes it takes you to read this article, 27 businesses will have been attacked by ransomware.

We know we shouldn’t give in and pay, but the majority of us will, unfortunately, pay the ransom because we simply can’t afford the damage of downtime. This is especially true for small businesses, where the need for a quick fix is only heightened by limited budget and manpower. Even though cyber-attackers usually don’t target a particular demographic, when they hit small businesses, those businesses are hit hard.

Now is the time to bite ransomware back and it starts with knowing the ins and outs of it. From there, any business – small or large – can set themselves up to fight against such attacks.

Remember this is organised crime

It’s easy to forget that there’s a criminal behind the ransomware that makes itself at home within your business system. Ransomware is organised crime, and it works innovatively to infiltrate your business and your supply chain.

The downside of such a connected and digital world is that an attacker can operate from a completely different part of the world, making it difficult to prosecute them under the legal system your business is subject to. The reality is that a clampdown of this scale is going to require international cooperation and government action beyond anything we’ve seen in the cybersecurity sphere. And of course, this is going to take time, which is something small businesses don’t have when facing constant threats.

The answer? Previous cybersecurity measures won’t be enough – we have to adapt to the enemy by deploying modern data protection measures.

Think like a hacker

In the same way that a detective has to think like a criminal to solve a crime, the only way businesses can protect themselves is to think like hackers. They’re relentless, hyper-aware, and stringent.

Good digital hygiene must become second nature, as opposed to something practised for a week following annual cybersecurity training and forgotten about until the next one. Failure to patch software should attract the same attention as failing to lock up the office overnight. Not having a disaster recovery plan is akin to skipping contents insurance.

Also, think about the hacker’s success rate. They dedicate their time to evolving and innovating to overcome the security barriers that are holding them back. We need to anticipate that they will eventually be able to do this, even if the best cybersecurity defences are in place. As we can see from the number of businesses paying ransoms, an attack can cause enough damage to push businesses into paying out rather than taking alternative routes.

Businesses must invest in modern data protection practices to minimise the impact of ransomware attacks. Viewing attacks as an inevitability is the first step towards creating a more cyber-secure culture, with employees who are more educated and aware of ransomware. Businesses also need to have the right safeguards in place to minimise disruption, including anti-virus software and firewalls, plus continuous backup and recovery to offer adequate insurance against the crippling effects of ransomware.

If the worst happens, the business won’t collapse and the attacker won’t get everything they want. The cybersecurity landscape may feel rocky right now, but there are steps we can and should take to better protect ourselves from the damages.