Ransomware attacks on large corporations receive much attention from the media and law enforcement but small businesses should be just as wary of an attack.

Data collated by Verizon in its 2021 SMB Data Breach Statistics found that 46% of all cyber breaches impact businesses with fewer than 1,000 employees.

Ransomware is a type of malware that prevents people from accessing the data stored on a computer. Sometimes the computer is locked or the data stolen, encrypted, or deleted. However if access to the data is blocked it can only be recovered by paying a ransom, usually in bitcoin.

Payment is no guarantee that you will regain access to your data and files encrypted by ransomware often can only be decrypted by the attacker.

Chris Blake, Director, and Principal Data Protection & Privacy Consultant, said: “Ransomware attacks have been increasing over the past five years. Attackers are writing new code and creating new attacks. Artificial intelligence is lowering the barrier and more hackers are generating attacks.”

The UK’s National Crime Agency believes ransomware continues to be the most acute cyber threat facing UK organisations and businesses as cyber criminals adapt their business models to maximise profits.

James Babbage, Director General for Threats at the National Crime Agency, said: “Ransomware continues to be a national security threat. The threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cyber criminals.

“AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed, and effectiveness of existing attack methods.”

Some criminal networks also offer affiliate schemes to other hackers under ransomware-as-a-service programmes where the ransomware is rented out on a subscription basis and profits are shared.

Why Small Businesses Should Worry About Ransomware Attacks

Most ransomware incidents typically result from cyber criminals exploiting poor cyber hygiene, rather than sophisticated attack techniques.

Small businesses are regarded as easy targets for hackers as they believe these firms are less likely to have a secure cyber infrastructure. Attackers exploit this vulnerability as they assume the business owners are more likely to pay the ransomware.

As these attacks are small enough to avoid media or law enforcement attention, cyber criminals regard small businesses as a steady income rather than a bigger one-off jackpot.

Many SME owners underestimate the potential threat and don't believe they will be attacked. As a result, they don’t invest in cyber security policies or develop a robust plan. Studies show that 59% of small business owners with no cyber security measures believe their business is too small to be attacked.

However, in digital.com’s report ‘51% Of Small Businesses Admit To Leaving Customer Data Insecure’, 87% of small businesses had customer data that could be compromised if there was an attack, and 27% of small businesses with no cyber security protection collected customers’ credit card information. Not only would the business suffer financial loss and lose brand reputation, but its customers would also be subject to identity theft and privacy violations.

Chris Blake added: “Small businesses should worry as they can’t afford to lose data. And remember, even if the ransom is paid you may not necessarily get your data back.

“The impact of an attack is complex and can include financial loss, brand reputation, losing client trust and emotional impact.”

An attack can be costly and time-consuming to resolve. Data from Verizon puts the costs of small business cyber security incidents at $826 to $653,587. A study from Upcity states that 51% of small businesses said their website was down for 8-24 hours, while research from the University of Maryland reports more serious consequences.

Its report, The Devastating Impact of Ransomware Attacks on Small Businesses states that after a cyber attack, one in five small businesses cease operations until it is resolved. Once unable to trade these firms feel pressured to pay the demands or lose longer periods of activity. With an average cost of $200,000 approximately 60% of small business fold within six months of a cyber attack.

Steps To Mitigate A Ransomware Attack

Having a plan is crucial to mitigate against a ransomware attack and should be considered the same as protecting your business from fire, flood, or a break-in. Regularly back up data on another computer or in encrypted cloud storage so your business can still function after an attack.

Take the following steps to mitigate against a ransomware attack:

  1. Employee education: train employees to recognise phishing attempts and safe browsing to lower the risk of malicious breaches
  2. Strong passwords: enforce the use of complex passwords that are regularly updated to enhance security layers
  3. Employee background checks: conduct thorough background checks on new staff members to reduce internal threats
  4. Work with the best banks: partner with reputable banks that offer robust fraud detection services to safeguard company financial accounts
  5. Resilient backup data system: implement a robust backup system, storing copies securely off site or in encrypted cloud storage to prevent data loss
  6. Firewalls and anti-virus protection: Install and maintain quality firewalls and anti-virus programs to protect against external threats and monitor system vulnerabilities
  7. Up-to-date software: regularly update all software to patch security vulnerabilities and keep cyber defences strong

If you would like help protecting your small business from ransomware attacks visit our Cyber Essentials page.

Cookie Notice

We use cookies to ensure that we give you the best experience on our website. Please confirm you are happy to continue.

Accept Cookies

Back to top