Half of SMEs Are Victims of Ransomware
According to a study carried out by Infrascale, cyber attacks against small and medium-sized enterprises (SMEs) are more common than was previously believed, and can affect up to 46% of these enterprises. The study indicated that 55% of B2B companies said they had suffered a ransomware attack, in contrast with 36% for B2C companies. Although most SMEs claimed to feel prepared to face these attacks, a large percentage of small and medium-sized enterprises still do not feel prepared or protected against a ransomware attack.
In the past, ransomware attacks aimed to infect as many devices as possible so that at least a small number of victims would pay the ransom. One example was the well-known WannaCry attack of May 2017, which heavily affected large companies such as Iberdrola, Telefónica, and the British Health Service. The attack affected more than 140,000 computers around the world.
The same study reported that almost 78% of B2B SMEs have been forced to pay a ransom, in contrast with 63% for B2C companies. However, 60% of small and medium-sized enterprises admit they would pay if they fell victim to ransomware just to get their files back; moreover, 53% confess they would pay just to keep up appearances with the public and to preserve their image regarding data protection.
The small and medium-sized enterprises that said they did not feel prepared to defend against ransomware attacks also stated that time and resources were their biggest enemies in that battle. In addition, 32% of SMEs said their IT equipment is limited, and that they did not think their resources were enough to confront the ransomware threat.
Ransomware programs are malicious or harmful programs that block access to specific company data, and even to the operating system's files. When these programs are used, those responsible for the attack demand a ransom in exchange for restoring the files and giving all the data back. This is one of the most dangerous hacking techniques, and one of those that most worries business owners everywhere.
The most dangerous ransomware strains today are:
· Petya and NotPetya.
· Bad Rabbit and Ryuk.
The most recent strains tend to be more effective and specialized. New ransomware relies on tailor-made attacks that draw on open-source intelligence (OSINT) and social engineering to focus on a single person and compromise that person's system, bringing a company to a halt and forcing it to make an immediate decision.
The cost of cyber attacks increases every day, and it is estimated that by 2021 they will result in the loss of six billion dollars in the private sector of the economy. Cyber attacks against companies usually make the news around the world because of their impact and the fame of the victim. However, there is one sector that rarely appears in the headlines when it suffers cyber attacks, even though it is on the front line of cyber crime: SMEs.
SMEs, which make up 99.8% of the Spanish business sector, for example, were the main target of cyber crime in Spain, according to a report published by Google last year. One major reason is that companies that do not think they could be an attractive target for cyber criminals neglect their security, or operate without any security whatsoever. This statistic means that almost three million companies have little or no security.
According to another study, the cost of a cyber attack on an SME is normally around 35,000 euros, and 60% of these are forced to close their businesses for six months after the cyber attack. Also, because of the false idea that they are not a target for cyber attackers, many SMEs have other habits that can endanger their cyber security.
Only 36% of business respondents include two-step verification in their security protocols, and 14% update their passwords regularly. 21% of SMEs make backup copies regularly. This last measure is important for recovering after a ransomware attack.
Around the world, the business sector has serious problems with cyber attacks and is exposed to them. Beazley Breach Response Services said: “71% of ransomware attacks target SMEs, with the cost of the ransom estimated at around 116,234 dollars.”
Do Not Pay
It must be said that paying the ransom does not guarantee that the files or system will be recovered from the cyber attackers. According to experts on this matter, that only happens in a small percentage of cases.
On the other hand, in the unlikely case that the files can be decrypted, paying earns the victim a higher rating among the hackers and could mean that another attack is on the way. The victim may then be regarded as a new “premium client” by the cyber mafia, because they know this is a client who will pay.
Finally, there is an ethical consideration: paying means subsidizing the attackers and funding the preparation of new attacks on more victims.
As always, cyber security awareness is the main challenge. Employees' actions are commonly the first line of defense against a cyber attack. To prevent a cyber incident from causing serious harm to the business, it is important for employees to follow these tips:
· Never open files from unknown senders; 92% of malware in the world comes from emails.
· Do not connect USB drives.
· Update passwords regularly. That way, even if a password appears in a data leak, it will not pose a security risk.
· Use strong passwords. Very weak passwords, such as birthdays or names, are often used. Use alphanumeric passwords, and use a different one for each place you access.
· Update the system. Updated systems and third-party applications are an important barrier against security breaches.
· Use a good antivirus to block threats or, at least, to detect them quickly and deal with them before they spread.
· Use safe websites. Browse only trusted websites and do not download files from unknown sources.
· Install security updates. This is one of the most important tips, because many ransomware attacks have targeted versions of Windows without updates, for example.
It is also advisable to have a quick and effective way to restore backups of all important files, alongside a good company backup policy.