Ransomware Attacks Continue to Rise Among Small and Mid-Size Businesses
by Brandon Bowers
According to the latest industry reports, ransomware attacks surged in 2023, accounting for nearly one-quarter of all data breaches and costing businesses worldwide an average of $5.13 million.[1] More alarming still, businesses’ security teams detected only 33 percent of all ransomware breaches, whereas 27 percent were disclosed by the attackers, and 40 percent were uncovered by a third party, such as law enforcement or their security provider.[2] As criminals multiply and find new ways to exploit vulnerabilities, businesses of all sizes must proactively protect their data across multiple environments and educate their employees to minimize the risks of financial and reputational damage that can result from an attack.
What is Ransomware?
With a ransomware attack, criminals infiltrate and take control of a business’s systems and network and hold its data hostage, bringing all operations to an immediate halt. They then demand victims pay a ransom to allow them to regain access to their files and all the sensitive information they contain. However, there are no guarantees that the attackers will not destroy victims’ files or leak them on the dark web, causing victims irreparable damage, including significant time and expense to recreate their data. For example, it typically takes victims more than 300 days to identify and control a ransomware attack, which generally costs victims 28 percent more than breaches uncovered internally. These costs are one reason why ransomware attacks are particularly damaging to small businesses, 60 percent of which are forced to go out of business within six months following a breach.
Protecting Against Ransomware Attacks
One of the first steps small- and mid-size businesses should take to protect themselves against ransomware attacks is understanding how these scams begin. Countless studies have found that the most common ways criminals access victims’ systems are 1) phishing scams, in which users are tricked into clicking on malicious links or attachments contained in emails, and 2) stolen or compromised credentials, such as users’ login names and passwords. However, there are several strategies businesses and nonprofits can employ to minimize these risks, starting with the following:
Establish Smart Policies
- Recognize and adhere to cybersecurity standards required for your industry.
- Proactively develop and regularly test your incident response plan (IRP).
- Share best practices for how all members of the organization can protect themselves from cybersecurity risks, such as using strong passwords and password-management solutions.
Educate Employees
- Establish a plain-language security-awareness program and train users to identify phishing scams and avoid falling victim to these and other social engineering attacks.
- Require employees to participate in simulation exercises to test their level of social engineering awareness.
Maintain a Strong Defense
Employ a multi-layered approach to your cybersecurity program, ensuring your strategies protect your most critical information system assets across various environments.
- Keep software up to date.
- At a minimum, deploy Next-Gen firewalls and managed detection and response systems (MDRs).
- Leverage a password manager to reduce bad password hygiene practices that can lead to expanded exposure from compromised credentials.
- Conduct regular risk assessments, vulnerability analyses and penetration testing to understand your risks and to develop your security roadmap.
About the Author: Brandon Bowers is director of Managed Cyber Security Solutions with Berkowitz Pollack Brant Advisors + CPAs, where he provides businesses, professional services firms and family offices with business continuity and recovery, cybersecurity and fully outsourced help desk services. He can be reached at the CPA firm’s Ft. Lauderdale, Fla., office at (954) 712-7000 or info@bpbcpa.com.
[1] IBM’s 2023 Cost of a Data Breach Report
[2] IBM’s 2023 Threat Intelligence Index