Every Business is a Target
Why SMEs Need to Start Taking Ransomware Seriously
By Nick Hayes, Director of Cyber Solutions
Published 24th June 2022
Despite ransomware incidents continuing to dominate the cyber-related headlines, there is a persistent misconception among smaller and medium-sized businesses that it is something only large corporations need to worry about. In fact, a surprising number of statistics suggest that SMEs are not adequately equipped to defend themselves against most forms of cyberattack. Perhaps they don’t think of themselves as a target? If the last two years have taught us anything, it is that every business is at risk, and every business can be a target. This has always been the case, but the rapid transition to remote/hybrid and cloud-based working has made these targets even easier for threat actors to hit, primarily because of the haste with which cloud solutions are often implemented: gaps, misconfigurations, and security considerations that arrive too late in the process.
According to Statista, a record-breaking 65% of all businesses globally were hit by ransomware in 2021. Small and medium-sized businesses are well represented in that figure and, with fewer defensive resources to draw on, are more exposed than ever.
During periods of disruption, when pressures are heightened and focus might even be on survival, it’s easy to see how cybersecurity might not be a top business priority, but as we move forward in the post-pandemic landscape it’s time for companies to re-evaluate their risk and level of exposure to threats. So, how can SMEs do this and protect themselves from ransomware?
The importance of planning and assessing risks
The DCMS Cyber Security Breaches Survey 2022 revealed that just over half of businesses (54%) have acted in the past 12 months to identify cyber security risks – that’s somewhat reassuring, but why aren’t more?
When it comes to ransomware, a good place to start is the best-practice guidance from the likes of the National Cyber Security Centre (NCSC) in the UK or the Cybersecurity and Infrastructure Security Agency (CISA) in the US, which offer useful, concrete tips for shoring up defenses. Beyond that, one of the key ways to mitigate the threat is to understand exactly what is in your organization’s environment and where the risks and vulnerabilities lie: which systems are exposed, to whom, and through what. That picture is what ultimately tells you how susceptible your organization is to a ransomware attack.
Threat modelling, for instance, shows where each system fits within the context of your organization, how it affects your overall security posture, and what it contributes to your environment’s attack surface. It is equally important to understand the business assets you are protecting and their criticality. In the context of information security management, an information asset is, broadly, anything of material value owned or used by the organization whose loss or compromise would have a negative impact on it. SureCloud’s ransomware risk assessment, for example, contextualizes its outcomes on the basis of what the loss or breach of these assets would mean. It also analyzes control maturity, simulates real-world ransomware attack techniques, and shines a spotlight on anything that needs fixing. This type of assessment suits small and medium-sized businesses that may be risk-blind simply because they lack internal security resources.
How to prevent ransomware spreading quickly
So, you’ve considered your level of cyber risk and levelled up your security strategy, but an attacker still manages to get in, perhaps via a phishing email that caught out an unsuspecting employee.
Among the 39% of UK businesses that identified a cyberattack in the previous 12 months, the DCMS survey found that the most common threat vector was phishing (83%).
Educating (and regularly reminding) employees on how to identify malicious emails, links and attachments is one of the most effective ways to prevent a ransomware attack from starting. Beyond that, the controls that slow its spread once it has started are network segmentation, the principle of least privilege and, against the data-theft side of double extortion, data encryption (encrypting data at rest limits the value of what is exfiltrated; it does not stop ransomware encrypting files the compromised account can reach). Least privilege works precisely as it sounds: each employee is granted the minimum set of privileges needed to perform their role. Anyone who needs higher privileges, such as an IT administrator, should use a separate account for those tasks rather than the same credentials they use to check their email. Why? It is all about minimizing exposure. A phishing payload runs with the rights of the account that opened it, so if that is an everyday account with no administrative rights, the attacker inherits only that account’s access. Likewise, if an application or service is compromised, you want the attacker to land with the lowest possible level of access and with the fewest onward network paths open to them.
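To make the interaction between these two controls concrete, here is an added blast-radius model (example code written for this article; it is not SureCloud’s assessment tooling or any product described above). The estate, segments, accounts and logged-on sessions are constructed sample data. It asks a simple question: if phishing lands on one finance workstation, how many hosts can the attacker take over, given which segment-to-segment flows permit admin protocols and on which hosts the harvested credentials are administrators? The four scenarios compare a flat network against a segmented one, and an IT administrator who uses one account for everything against one who keeps a separate admin account.

```python
"""Blast-radius model for network segmentation and separate admin accounts.
Constructed, hypothetical estate for illustration; not real infrastructure."""

from itertools import product

# Constructed estate: host -> network segment.
HOSTS = {
    "ws-finance-01": "ws-finance",
    "ws-finance-02": "ws-finance",
    "ws-hr-01": "ws-hr",
    "file-srv-01": "servers",
    "dc-01": "servers",
    "backup-01": "backup",
}
ALL_HOSTS = frozenset(HOSTS)
SEGMENTS = frozenset(HOSTS.values())

# Flows on which admin protocols (SMB, RDP, WinRM) are permitted: (src_seg, dst_seg).
FLAT_NETWORK = frozenset(product(SEGMENTS, repeat=2))
SEGMENTED_NETWORK = frozenset({(s, s) for s in SEGMENTS} | {
    ("ws-finance", "servers"),
    ("ws-hr", "servers"),
    # No segment may initiate admin traffic into "backup"; the backup host pulls data itself.
})

# Account -> hosts on which that account has admin rights.
# "alice" is the IT administrator. In the shared model her single account does
# email, browsing and domain administration.
SHARED_ADMIN_RIGHTS = {
    "bob": frozenset({"ws-finance-01", "ws-finance-02"}),  # local admin on finance PCs
    "alice": ALL_HOSTS,                                     # Domain Admin
}
# In the separate model "alice" is an ordinary user and "alice-adm" holds the rights.
SEPARATE_ADMIN_RIGHTS = {
    "bob": frozenset({"ws-finance-01", "ws-finance-02"}),
    "alice": frozenset(),
    "alice-adm": ALL_HOSTS,
}

# Host -> accounts whose credentials an attacker could harvest there
# (interactive logons, cached credentials). Constructed sample sessions.
SHARED_LOGGED_ON = {
    "ws-finance-01": {"bob", "alice"},  # alice read her email here while covering the desk
    "file-srv-01": {"alice"},
    "dc-01": {"alice"},
    "backup-01": {"alice"},
}
SEPARATE_LOGGED_ON = {
    "ws-finance-01": {"bob", "alice"},  # same habit, but this account is not an admin anywhere
    "file-srv-01": {"alice-adm"},
    "dc-01": {"alice-adm"},
    "backup-01": {"alice-adm"},
}


def blast_radius(start, logged_on, admin_rights, allowed_flows):
    """Return the set of hosts an attacker can take over starting from `start`.

    A pivot from src to dst succeeds when the segment-to-segment flow is permitted
    AND some harvested credential has admin rights on dst. Taking a host adds its
    logged-on accounts to the attacker's credential pool, which may unlock pivots
    from hosts already visited, so we iterate to a fixed point rather than doing
    a single BFS pass.
    """
    owned = {start}
    creds = set(logged_on.get(start, ()))
    changed = True
    while changed:
        changed = False
        for src in list(owned):
            for dst in HOSTS:
                if dst in owned:
                    continue
                if (HOSTS[src], HOSTS[dst]) not in allowed_flows:
                    continue  # segmentation blocks the path
                if not any(dst in admin_rights.get(acct, ()) for acct in creds):
                    continue  # no harvested credential is an admin there
                owned.add(dst)
                creds |= set(logged_on.get(dst, ()))
                changed = True
    return frozenset(owned)


def run_scenarios(start="ws-finance-01"):
    """Phishing lands on bob's finance workstation; compare the four combinations."""
    return {
        "flat + shared admin account": blast_radius(start, SHARED_LOGGED_ON, SHARED_ADMIN_RIGHTS, FLAT_NETWORK),
        "flat + separate admin account": blast_radius(start, SEPARATE_LOGGED_ON, SEPARATE_ADMIN_RIGHTS, FLAT_NETWORK),
        "segmented + shared admin account": blast_radius(start, SHARED_LOGGED_ON, SHARED_ADMIN_RIGHTS, SEGMENTED_NETWORK),
        "segmented + separate admin account": blast_radius(start, SEPARATE_LOGGED_ON, SEPARATE_ADMIN_RIGHTS, SEGMENTED_NETWORK),
    }


if __name__ == "__main__":
    for name, hosts in run_scenarios().items():
        print(f"{name:36s} {len(hosts)}/{len(HOSTS)} hosts: {', '.join(sorted(hosts))}")
```

With a flat network and a shared admin account the attacker owns all six hosts, backups included, because the cached Domain Admin credential on the phished workstation works everywhere and nothing blocks the path. Segmentation alone still loses the file server and domain controller (the shared credential is an admin there and workstations may reach the server segment), but the HR workstation and the backup host survive. A separate admin account alone confines the attacker to the two finance workstations where bob is a local admin, and the two controls together do the same while also denying the attacker any route to the server or backup segments should a privileged credential leak later.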
If a business can maneuver into a position where it can properly assess risk and identify vulnerabilities, it will be empowered to accelerate its digital transformation with confidence, and without succumbing to the increasing threat of ransomware.