Small Businesses Are Common Ransomware Targets
Ransomware attacks are up 1.5% from last year and a significant 8.5% from 2020. For those who are unfamiliar, ransomware is a type of malware that is designed to achieve a detrimental effect – such as locking someone out of a system or publishing someone’s personal information – unless a ransom is paid.
This alarming trend is not going away and, what’s worse, more and more victims are meeting the ransom demands. However, those victims aren’t exactly who you would expect them to be. The term “bigger fish to fry” has never been less appropriate.
Targeting the Smaller Fish
It stands to reason that hackers looking for a big payday would go after the biggest target around. After all, the more money a company makes, the bigger the ransom they’ll be able to pay. Add in the fact that 63% of companies attacked in 2021 met the ransom demands and it seems like it could be a big, easy payout.
So why are 71% of ransomware attacks aimed at smaller companies rather than the major cash cows? There are two key reasons.
Lack of Security
For one, these smaller companies aren’t going to have the security boasted by large enterprises. Small businesses can’t afford to put as much into cybersecurity, which makes them much easier targets. Large companies are prioritizing security in a major way that smaller businesses simply can’t match.
At the same time, small business owners don’t consider cybercrime to be a serious threat. It’s reasonable to assume that, if your company doesn’t even pull in a fraction of what the large enterprising companies do, then hackers won’t want to waste their time. Unfortunately, it’s a false assumption, and that lack of preparation makes you a bullseye for ransomware.
Hackers know that small businesses are unprepared for ransomware attacks. They also know that even if security was a serious concern, smaller businesses don’t have the funds required to truly safeguard their systems. So even if the payouts will be smaller, they’ll be more frequent and easier to obtain. (insureon)
Staying Under the Radar
The second reason that the vast majority of ransomware attacks are carried out against smaller companies is that these attacks are less likely to attract unwanted attention. If you’re a hacker, your ideal outcome is for the victim to pay the ransom without much fuss and for everything to fade away quietly. Companies often play these attacks close to the vest so as to not advertise themselves as easy targets.
If you hit a corporate giant, on the other hand, that’s going to get the attention of not only federal law enforcement but possibly even the government, which is the last thing a hacker wants. Regardless of how quiet a company wants to keep the incident, if the company boasts over 25,000 employees, word is going to get out and the spotlight will be on those responsible. (MSSP Alert)
Cybersecurity is Priority Number One
Ransomware isn’t going away, at least not anytime soon, and small businesses will remain the ideal targets. Ransomware is close to overcoming malware as the top threat, so it’s past time to start taking cybersecurity seriously.
Of course, there’s still the issue of small businesses not having the resources for airtight security, but a little goes a long way. Even something as simple as an effective antivirus program and regular monitoring of your system might be enough to deter hackers. Remember, they’re specifically targeting small businesses that pay little or no attention to cybersecurity. So, any security is better than no security at all, even if it’s just for the sake of appearance.
Another good idea is to educate your employees on how to be on the lookout for malicious software. If you can’t afford a dedicated cybersecurity team, the next best thing is to turn your existing workforce into a security team of sorts. They won’t be professionals, but they’ll be informed and vigilant, which could be all it takes to prevent your business from being another ransomware statistic.