SMBs are the Conduit to a Successful Ransomware Attack

In Datto’s latest State of the Channel Ransomware Reportit shows that there is still a lot of work to do to educate and create awareness about the very real threat of ransomware to small and medium businesses (SMBs). In the report, Managed service providers (MSPs)  report only 30% of their SMB clients are “very concerned” about ransomware.

Employees are typically the first point of entry for ransomware into an organization. Unbeknownst to them, they are clicking or falling prey to deceptive tactics used by cybercriminals to gain access and then wreak havoc across a company’s systems.

We can’t stress this enough: Education is an essential piece of an effective ransomware protection strategy. This year’s survey results make that clear: Phishing, poor user practices, and lack of end user cybersecurity training were the three most common causes of successful ransomware breaches.

Security training must go beyond just how to identify phishing attacks. While phishing topped the list, weak passwords, open Remote Desktop Protocol (RDP) access, and a host of other user errors were also to blame for breaches.

Here are the top five leading causes of ransomware attacks as reported by MSPs:

  • Phishing emails (54%)
  • Poor user practices/gullibility (27%)
  • Lack of cybersecurity training (26%)
  • Weak passwords/access management (21%)
  • Open RDP access (20%)

*Survey respondents were asked to select three answer choices.

Two Key Takeaways

Prepare your employees to be the front line of defense. Today’s companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid potential attacks. Better security training could significantly help to mitigate ransomware attacks. To be effective, training needs to simulate real threats and test employees’ ability to detect a suspicious attempt to gain access. When an employee fails to identify the threat, they should receive additional training.

Implement a continuity strategy. With no surefire way of preventing ransomware attacks even with proper security solutions in place, a continuity strategy becomes essential. A plan needs to detail how to respond, remediate, and recover quickly once an attack has happened. Communication and collaboration are key as well as transparency to limit the impact on their reputation. A business continuity and disaster recovery solution can be effective in dealing with attacks because it can recover server workloads locally or in the cloud helping to minimize business interruption following a ransomware attack. Since ransomware is designed to spread across networks and SaaS applications, endpoint and SaaS backup solutions designed for fast restores are also critical.