Small-business ransomware attacks rose in Q2 2022, according to data compiled by ransomware recovery firm Codeware. The findings show an escalation of attacks on small businesses, municipalities and professional services companies.
Among the findings:
- Companies with 11 to 100 employees saw the highest number of ransomware attacks, accounting for 39.4% in Q2
- Professional Services companies were the most likely to suffer a ransomware attack, accounting for 21.9% in Q2
- The public sector was the second most-common victim, accounting for 14.4% of ransomware attacks
- The median ransom payment fell by 51% from the first quarter as attackers shifted their focus to smaller, financially stable organizations
“We’re too small to target” is no longer reality. In fact, hackers prefer small-business, nonprofit and municipal targets because they are often easier to breach and do not have the ability to recover data without paying the ransom.
Got $36,000 and 24 days?
The average ransomware payment was more than $36,000, and the average downtime from a ransomware attack was 24 days. Most businesses, nonprofits and municipal governments have far better use for that money and time. All would prefer not to have customer data stolen. Remember that data theft happens even if you pay the ransom. Hackers are not ethical people. You cannot trust them when they say they won’t sell your customers’ or employees’ stolen information on the Dark Web. They’ll take your ransom payment, then turn around and sell the information. They’re in it for the money.
Protect Now Against Ransomware Attacks
Every business, no matter how small, needs to protect against ransomware. Criminals believe you are an easy target. Once you prove them right, you will spend significantly more time and money to get rid of them than you would have if you had taken steps to protect yourself.
Here are three things you need to consider to protect now against ransomware attacks.
- Get a Cyber Liability Policy. Professional services companies that handle personal information and any organization that handles credit card or banking information must have cyber liability insurance. This will protect you if a ransomware attack leads to a data breach or shuts down your operations. Don’t count on business interruption insurance to cover losses from a hack, as most of those policies specifically exclude cyber attacks.
- Train to prevent phishing attacks. Phishing is one of the ways criminals launch ransomware attacks, and it can lead to all kinds of ongoing problems for businesses. In our experience, once criminals find out they can victimize you, they will turn up the intensity of their attacks. Criminals use phishing to uncover weaknesses in your cyber awareness. Fending off these attacks goes a long way toward maintaining cyber security.
- Hire a Virtual CISO. A Virtual CISO, also known as an outsourced CISO or fractional CISO, is an executive who specializes in cyber security and provides help to small businesses as a service. For a fraction of the cost of a full-time executive, you get executive-level support to analyze your systems, implement a security plan and supervise staff training.
Don’t assume that you can handle all cyber threats on your own. The criminals highlighted in Codeware’s data are not email spammers hoping you’ll fall for a fake lottery scam. These are organized, professional criminals who make their living stealing money through ransomware and through the sale of stolen data. Their only job is to find ways to victimize you.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.