An Osterman Research Survey report titled, Second Annual State of Ransomware Report: US Survey Results[i] confirms that the impact of ransomware on small to mid-size businesses can be costly both in downtime and the continued viability of the business.
The Osterman Research Survey published in July reveals that the ransom demands are not what harm small businesses but instead it is the downtime. Their research found that “for 20 percent of impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours.”
The survey also showed that “the most common source of ransomware infections in US-based organizations are related to email use: 37 percent were from a malicious email attachment and 27 percent were from a malicious link in an email….In many ransomware attacks, the infection is not limited to a single endpoint, but can spread to others, as well. In fact, in many cases the infection spread to every endpoint on the network.”
The research clearly noted that organizations’ confidence among decision makers about their ability to stop a ransomware attack is not very high. When an attack hits, normal business is impacted either because they are dealing with the infection or they have lost access to critical files that are needed to keep the business operational. The degree to which the ransomware spreads can dictate how much of the business is impacted and how severe that impact is. The length of time that elapses between the initial ransomware infection and its detection is critical to stopping the spread of the infection according to this Osterman report.
The discussion of how to solve the ransomware issue is ongoing. Many believe that the primary focus should be on user training. The Osterman survey asked respondents, “Do employees go through security awareness training and what is the frequency of the training?” 10% of those surveyed receive training just when they join the company. 24% are trained no more than once a year and 24% are trained 2-3 times per year. The Broadleaf team feels that user training is critical to battle ransomware. How often do you train your users?
The other area of primary focus is a technology oriented approach. Most of the US based organizations surveyed by Osterman have deployed email security to address ransomware and have implemented regular, on premises backup of data so that they can restore ransomware infected machines to a known good state as quickly as possible. Many organizations also have implemented network segmentation, the use of outsourced security providers, on premises ransomware detection solutions, and regular, cloud based backup capabilities.
While the debate may continue, it certainly makes sense that a combination of user training as well as preventative and recovery based technology strategies will provide the best protection against ransomware for your business. The Broadleaf team would be happy to strategize with you about user training and technology strategies. Contact us at 978-362-0502 or firstname.lastname@example.org to schedule a time to talk.
[i] Second Annual State of Ransomware Report: US Survey Results https://press.malwarebytes.com/2017/07/27/new-global-research-ransomware-attacks-caused-22-percent-infected-small-medium-sized-organizations-cease-business-operations-immediately/