Ransomware challenges every SMB faces

UK SMBs are low-hanging fruit; and for cybercriminals, they're ripe for the picking. It's no longer a question of 'when' they will be hit, but 'how often'

WanaCrypt0r, otherwise known as 'WannaCry', is the latest ransomware variant to hit Windows systems and media headlines across the globe. Among those affected by this very swift attack were one-fifth of computer and phone systems at NHS hospitals and GP surgeries, causing massive disruptions in various operations. FedEx, Hitachi, and Telefonica were just some of the private organisations to also be affected. With 99.3% of businesses in the UK belonging to small- or medium-sized businesses (SMBs), one can only wonder how many of them were hugely affected by this unprecedented outbreak.

Observations from numerous trusted security companies have come up with the same conclusion: that ransomware targeting SMBs is on the rise. What's sad is that the majority of them are still under the impression that they cannot be targeted by ransomware, reasoning that they're 'too small' compared to large companies. This misconception has greatly impeded entrepreneurs from protecting their businesses against online threats, costing them more money, their clients' trust, or worse, the stability of their businesses.

It's tough running a business nowadays…

One doesn't prepare if one thinks there's no danger. As such, the majority of SMBs are ill-equipped to handle a ransomware attack.

Unlike large enterprises, SMBs don't have excess resources to invest on cybersecurity. Because of this, they often don't have basic email security in place, or if they do have protection installed, it's free security software that may lack features they need, such as anti-ransomware and anti-exploit.

For especially small businesses with at least two employees, they won't have an IT person (or department) to manage their network. These employees may also lack the awareness needed to quickly spot social engineering tactics using emails—usually the starting point of almost every ransomware attack—or the basic training and know-how on safe computing practices. As a result, software isn't patched on a regular basis, files are not backed up, sensitive data is stored insecurely and passwords are eight characters long.

Furthermore, once ransomware has already infected systems and encrypted files, SMBs usually don't have a disaster recovery plan, so they are more inclined to pay the ransom. Their lack of preventative, mitigation, and recovery measures are not only making things easier for cybercriminals to infiltrate their networks and siphon out precious data, they're also inadvertently funding criminal activity, which then encourages threat actors to hold more attack campaigns.

…but SMBs can make it tougher for cybercriminals to turn a profit

Being proactive instead of reactive is key to addressing the challenges that ransomware brings. Getting hit is no longer a question of "when" but "how often", and the sooner SMBs realise and accept this, the quicker they can do something about their cybersecurity needs.

With GDPR going to be in full effect next year, there's now a desperate need for SMBs to seriously consider changing their business culture and tactics to include investments on continuous employee awareness training and system security hardening.

Jovi Umawing is a Malware Intelligence Analyst with Malwarebytes. With more than 10 years in the antivirus industry under her belt, this accomplished threat researcher helps to educate enterprises and consumers alike about the latest online threats. She has written for online security publications, is an advocate for online child and teen safety, and is a regular contributor to the Malwarebytes Labs Blog