Why we forget SMEs are major targets for ransomware

Kaseya, Colonial Pipeline and JBS Foods made headlines in 2021 when their data was held for ransom. However, it’s important to note that these high-profile companies aren’t representative of the “typical” ransomware target.

According to OpenText Security Solutions’ 2022 BrightCloud Threat Report, 82 per cent of ransomware attacks in 2021 targeted businesses with less than 1000 employees. An additional 44 per cent of attacks targeted businesses with 100 employees or less.

Simply put, SMEs are often the prime target for ransomware attacks. To better understand why SMEs are so appealing to cybercriminals, we must unravel the misconceptions of ransomware and reframe how we think of cyberattacks.

The misconceptions of ransomware

It’s easy to focus solely on a dollar amount; take Kaseya for example. Once cybercriminals had encrypted enough of the business’s information, they demanded a $70 million ransom for the data. While a staggering amount, such price tags inflate the perceived average cost of ransomware. This creates a false sense of security among SMEs that they won’t be targeted simply because they are too small. The BrightCloud Threat Report revealed that the average ransomware payment increased in 2021 to $322,168. This is far less than the multimillion-dollar ransomware costs that dominate headline news.

SMEs are a sweet spot for hackers to exploit because they often lack cybersecurity resources, both in technology and in security expertise. SMEs require significantly less effort to breach than large enterprises and are therefore perceived as ‘low-hanging fruit’ by cybercriminals looking to widen their net.

Another misconception is that cybercriminals are all tech-savvy experts behind a keyboard. While this may once have been the case, it no longer applies today. An increasingly popular business model among malicious actors is “Ransomware as a Service” (RaaS). Using RaaS, aspiring cybercriminals can acquire fully operational ransomware without writing any code. If an attack is successful and a ransom is paid, the RaaS cybergangs take a 30 per cent cut of the payout.

Reframing how SMEs think about ransomware and putting policies and technology in place to better protect themselves is critical to avoid falling victim to a ransomware attack.

Reframing ransomware

Creating cyber resilience requires strong multi-layered security and data protection policies to prevent, respond and quickly recover from threats. While this may sound difficult and costly, there are a few simple steps that SMEs can take to limit the scope of successful attacks.

Ransomware attacks increased when employees started to work from home due to government mandates and lockdowns. Locking down Remote Desktop Protocol (RDP) is a quick way to get started on the path to cyber resilience. Trends over the past year have shown that open RDP ports are the most common entry point for data breaches among small businesses, because they are simple to find and abuse. SMEs must ensure their remote collaboration technologies are always secure.

If systems or data have been compromised, the ability to stop lateral movement is key to quickly recovering from cyberattacks. Having a strong backup and disaster recovery plan for critical files, supported by technology, undermines the leverage cybercriminals have against a business and allows for less disruption to business continuity.

Antivirus software and security awareness training are other steps SMEs can take to better protect themselves from a ransomware attack. Security training can’t be a “one and done” deal; it needs to be continuous and delivered in a way that employees find engaging, so that they understand and follow it.

No business, regardless of size, is safe from cybercriminals. Putting policies and technology in place to minimize the effectiveness of potential ransomware attacks is essential. And as new threats emerge and evolve, so must security awareness training. Keeping users up to date on the latest scams and attacks will help transform employees from a weakness into the first line of defence.