By Manish Alshi, Head, Channels & Emerging Technology, Check Point Software Technologies, India & SAARC
Over the last year, ransomware is unfortunately a threat we are becoming increasingly aware of and want to prevent, impacting every sector as attacks increase in frequency and sophistication all the time.
Yet, few small and medium sized businesses (SMBs) realise they are just as at risk, if not more so than larger enterprises. In fact, in 2022 alone, 61% of all cyberattacks were aimed at small businesses.
The importance of SMBs in India cannot be ignored where the Ministry of State for Micro Small and Medium Enterprises stated that MSMEs contributed to 35.98 percent of India’s total manufacturing output in 2020-21, with MSMEs providing employment to about 111 million persons in India and contributing to approximately 50 percent of overall exports from the country. Infact, MSMEs account for 27 percent of India’s GDP and serves as the backbone of the economy according a recent Assocham-Crisil report.
Part of the appeal for these cyberattacks on SMBs is that SMBs retain a wealth of confidential information from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. The initial cost of a ransomware attack can be crippling, not to mention the additional fines SMB companies may be subject to if confidentiality laws are breached. Add to that the loss of customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be.
A criminal enterprise with extortionate returns
Ransomware is favoured by many hackers because it is quick to deploy and offers lucrative returns. Commonly, criminals gain access to high value data and encrypt it so that it cannot be accessed without an unlock code, which is offered in exchange for cash, lots of cash. In 2021 it was reported that ransomware attacks globally resulted in businesses handing over more than $49 million.
However, it’s key to remember, we are dealing with criminals and there is no guarantee that once the ransom has been paid that your data will be unlocked. Some may even try to raise the stakes by launching a double or triple extortion attack, where they leak some data to increase the pressure and demand more money from individuals or organisations.
As threat levels increase in frequency and sophistication, how can SMBs increase their cyber resilience to prevent a ransomware attack? Here are three key steps that could make a big difference:
Step 1: Patch regularly and keep IT equipment up to date
It may sound simple but keeping on top of the latest software and security patches could prove invaluable when it comes to protecting your organisation against any potential cyber threats. This is especially true when you consider a recent survey found that 80% of all BYOD in a company are not managed.
Applying updates for tablets, smartphones, laptops and PCs as soon as they are available is one of the most important steps you can take to improve security. Ensuring operating systems, software programmes, phones and apps are set to ‘automatically update’ prevents gaps in your security posture.
Step 2: Control the use of USB sticks and external hard drives
SMBs expect 40% of employees to continue working remotely for at least part of the week. Ensuring their security is managed correctly should be your highest priority. For example, we’ve all been tempted to transfer files between colleagues or organisations using an external memory stick or USB drive, but it only takes one unsecure device to compromise an entire network.
When these sticks and drives are openly shared, it becomes increasingly difficult to track the files they contain. On top of this how do you know who has used the device previously and where it has come from? Using endpoint protection tools, blocking access to physical ports and only allowing the use of approved sticks or memory cards can all reduce the likelihood of a breach.
Step 3: Don’t backup data to your main server
Often companies are lulled into a false sense of security because they have a back-up somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack.
Instead, organisations should identify essential data that your business cannot function without and have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.
Prepare for change
Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to act now before an attack occurs. Your cybersecurity strategy isn’t a one-off project, it needs to be agile so that it can adapt as the threat landscape changes.
The methods hackers use are constantly evolving and as such your business needs to be prepared to change your approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.