Across businesses of all verticals and sizes, there has been an unprecedented number of ransomware attacks globally just this year alone. OpenText Security Solutions recently released findings about the growing concern of ransomware attacks, the impact of geopolitical tensions, and rising inflation rates on Small-Medium Businesses (SMB).
In this Q&A, Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions shares additional insights from the recent OpenText Security Solutions 2022 Global Ransomware SMB Survey.
How has ransomware evolved in the past 6 months? We aren't seeing big events like Colonial Pipeline -- how has the threat changed?
In the recent OpenText Security Solutions Nastiest Malware threat landscape review, we found that while ransomware gangs have been somewhat stalled by law enforcement agencies, the ransomware-as-a-service business (RaaS) model continues to thrive. In fact, it was a RaaS affiliate who was responsible for the Colonial Pipeline attack. RaaS groups and their cybercriminal buyers work together to enable widespread attacks using tactics like triple extortion which adds ads pressure by attacks on the victim’s website using DDoS. Even in the past week, school districts and colleges across the country have had to close operations due to ransomware attacks.
If we add geopolitical tensions and rising inflation rates to the mix, small to medium businesses (SMBs) continue to be the perfect target. In the OpenText Security Solutions 2022 Ransomware SMB Survey, we found 45% of SMBs have already experienced a ransomware attack. This is not surprising given the trends show smaller SMBs are the prime focus for ransomware.
What are the common roadblocks for sound ransomware defense? What are organizations struggling with?
Before organizations can address challenges like small security budgets and teams, the most common roadblock they face is not recognizing they’re a target in the first place. In fact, a majority (67%) of SMBs don’t think or aren’t sure if they are a target, even with almost half of SMBs reportedly being victims of ransomware attacks. SMB’s especially need to be aware that ransomware is a threat, and that threat is continuing to grow and evolve.
Businesses, particularly SMBs, struggle with having the right security resources in the right places as they manage tighter budgets and short-staffed security teams. Without considering financial concerns caused by the looming recession and inflation, most SMBs have less than five people dedicated to security and spend less than $50,000 annually on cybersecurity.
How can organizations overcome those challenges -- especially for those organizations that are reducing their budgets due to the macro-economic environments?
Shrinking security teams and budgets compounded by macro-economic pressures can make effective and affordable cybersecurity feel next to impossible. But cybersecurity should be taken seriously and does not require an overinvestment when compared to the actual cost of paying a ransom. That’s why adopting a cyber resilience framework is critical. This includes investing in:
Employee education to strengthen the first line of defense – In addition to regular security awareness training including phishing simulations, provide users with relevant security focused news to keep security posture top of mind.
Secure remote access to internal networks – Add MFA and VPNs for all remote access and deploy audits to ensure all users are connecting from expected locations.
Test response plans and backups – a fire drill is a great way to ensure all critical systems and data are accounted for as well as providing a less stressful environment to evaluate and improve upon your response plan.
SMBs are also looking towards MSPs (Managed Service Providers) to manage a lack of security resources. MSPs can provide skilled security staff at a fraction of the cost of an internal hire. Sixty-five percent of SMBs surveyed that don’t currently use an MSP said they would consider doing so in the future.
How do you see the threat of ransomware evolving in 2023?
Unfortunately, it’s going to get worse before it gets better. Ransomware-as-a-service continues to thrive and lowers the technical barrier for entry which is attracting more aspiring cybercriminals. Ransom payments are rising faster than the threat of inflation itself, and geopolitical tensions and hybrid work only add to the fire. With financial constraints weakening security budgets and posture, attackers will only be more motivated to focus on SMBs. These struggles make incorporating cyber resiliency more important than ever in 2023.