You can protect your small business from ransomware attacks by:
- Providing security awareness training
- Implementing 3 factor authentication
- Microsegmentating devices and users
- Developing a ransomware response plan
- Keeping systems up to date
- Regularly backing up data
- Having a disaster recovery plan
- Performing red teaming or table top exercises
- Working with a Virtual CISO
- Using strong password policies and management tools
In this article, we’ll discuss the rise of ransomware and it’s impact on small business, and the latest trends and research driving these attacks.
By the end, you’ll be armed with practical and actionable steps you can take to protect yourself from becoming the next headline.
The Rise Of Ransomware On Small Business
Small businesses are often perceived as easy targets by threat actors due to their typically limited cybersecurity resources and internal expertise.
According to the State of Ransomware Report by Malwarebytes, ransomware attacks are at an all-time high.
In just four countries—the US, Germany, France, and the UK—1,900 ransomware attacks were recorded in one year.
In the US alone, there was a 75% increase in the average number of monthly attacks.
NCC Group also released its Threat Pulse for September 2023 citing a 153% (514 victims) year-on-year increase in ransomware attacks.
North America topped the list at 258 victims with healthcare seeing the greatest increase from the previous month.
Ransomware As A Service Is Growing
Ransomware as a Service (RaaS) is a business model where cybercriminals sell access to ransomware.
The developers of the malware create and maintain the ransomware software and then lease it out to other criminals, typically through a subscription or profit-sharing model.
According to a Trend Micro report, there was a 47% increase in new RaaS victims in the first half of 2023 with small businesses being the primary target.
As of December 20, 2023 the threat actors unseized the website leveraging a signing key that enables them to assign the .onion address to a new server.
The attackers have now vowed to retaliate saying that no one is off limits. Previously, it was stated that they would not attack critical infrastructure (e.g. nuclear power plants) and hospitals.
Other notable ransomware groups in 2023 include:
How Does Ransomware Impact Small Businesses?
The average cost of a data breach to small businesses ranges from $120,000 to $1.24M.
However, the total average cost worldwide has been reported to be at an all time high of $4.45M in 2023, up 15% in the previous 3 years.
Beyond the ransom demands the cost of a data breach may include:
- Higher insurance premiums.
- Damage to reputation and loss of IP.
- Employee hours spent resolving the breach.
- Burnout and churn from IT and cybersecurity staff.
- Hiring firms specializing in incident response or crisis management.
These costs may exceed $100,000s in addition to the costs due to loss of revenue and future potential investments.
Recovery from a ransomware attack is not just costly but also time-consuming.
On average, it takes 24 days for an organization to regain a foothold on its production data following an attack.
What Are The Most Common Ways Ransomware Infects Systems?
According to recent research and attack trend analysis, the most common methods used to spread ransomware are:
- Social Engineering: Crafted phishing emails or persuasive vishing phone calls trick users into clicking malicious links or divulging login credentials. This initial access provides what’s needed to silently deploy ransomware across the network.
- Unpatched Systems: Systems containing unpatched, publicly known exploitable vulnerabilities are opportune targets. Taking advantage of the window between vulnerability disclosure and remediation, threat actors can easily exploit these systems to rapidly encrypt files in minutes.
- Bypassing MFA: Circumventing SMS or voice-based multi-factor authentication starts by stealing credentials through phishing. Then voice imitation AI generates audio clips that impersonate authorized users, bypassing voice authentication to spread ransomware.
- Supply Chain Compromise: By infiltrating trusted software vendors, managed service providers, or cloud providers, threat actors gain distribution channels to deploy ransomware through automatic software updates. Victims may not detect or respond to the source of the attack since it comes from a trusted provider.
- Infected USB Drives: USB drives infected with malware are left in public locations or mailed directly to potential targets. If an unsuspecting user plugs the infected drive into a computer, it immediately executes malware, beginning the encryption process while bypassing network defenses.
Stop ransomware while preventing lateral movement across your network.
Best Practices For Protecting Your Small Business From Ransomware Attacks
1. Provide Security Awareness Training
Employees are not only the first line of defense but also potential unintentional insider threats.
Despite the critical role of security awareness training in mitigating these risks, 1/3rd of companies do not provide training to their employees.
Unfortunately, even when security awareness training is provided, it often fails to effectively equip employees to thwart attacks.
This inadequacy stems from various factors :
- The training is usually minimal.
- Driven by compliance.
- Only conducted annually.
The content tends to be mundane and unengaging, leading employees to rush through it without absorbing the crucial information needed to detect and respond to threats.
This approach is problematic because 90% of the taught content is forgotten within 1 week if not practiced.
Moreover, the challenge of delivering engaging in-person or virtual training exacerbates the situation, with many programs reduced to mere compliance checkboxes.
To counteract these shortcomings, a more robust approach is required. This involves continuous awareness training supported by the top levels of the organization. Regular training has been shown to reduce risk from 60% to 10% in the first 12 months.
Beyond basic phishing simulations, training should include custom campaigns with vishing and/or smishing, using collected data from department leaders to create the most realistic campaign possible.
Educating employees on recent industry-specific attacks and techniques through Breach Reports can also enhance their understanding and preparedness.
2. Implement 3 Factor Authentication
To prevent 99.9% of password compromises it’s recommended that you implement 3 factor authentication.
3 factors of authentication include:
- Something you know (username/password)
- Something you have (hardware token)
- Something you are (biometric such as a fingerprint)
Google’s implementation of 3 factor authentication, involving a hardware token, has been a game-changer, as reported by Krebs on Security.
This method adds an extra layer of security, making it nearly impossible for attackers to gain unauthorized access.
In 2023, Google took this one step further by implementing passkeys in an effort to move away from passwords as an authentication method.
3. Microsegment Devices And Users
Microsegmentation prevents ransomware by breaking down networks into smaller, more manageable zones dividing a network into smaller, isolated segments.
In contrast, a traditional flat corporate network is susceptible to ransomware as it finds open paths to spread throughout the system.
In a report of 1,200 IT and security decision makers, 93% of respondents claimed that microsegmentation is critical to help thwart ransomware attacks.
Microsegmentation implements highly specific least-privilege access controls between zones. It limits communication to only approved accounts, applications, services, and devices.
This approach restricts ransomware’s lateral movement, a common technique used to infect and encrypt multiple endpoints and servers.
If ransomware is detected within a segment, administrators can instantly isolate the affected area, preventing the infection from reaching other business areas.
4. Develop A Ransomware Response Plan
A Ransomware Response Plan is a blueprint to resolve a ransomware attack.
This sequence of steps includes the immediate identification of the attack’s extent and moving to isolate the infected systems to prevent further spread.
The plan also outlines strategies for securely communicating within the organization as well as with external stakeholders to maintain trust and manage public relations during a cyber incident.
As a result of this plan, 63% of organizations say they are successful in restoring their data when they experience a ransomware attack.
A business without a plan often finds itself unprepared, leading to prolonged operational paralysis and potential permanent data loss.
In the case of Garmin, their response to the ransomware attack was a textbook example of the plan in action.
Garmin’s first step was to recognize the breach and swiftly assess what systems were compromised.
Following this, Garmin took affected services offline, including:
- Website functions
- Customer support
- User applications.
Garmin’s response team then evaluated the impact on their data and infrastructure.
For Garmin, having a response plan allowed them to restore services and regain operational functionality with minimal impact to the business.
5. Keep Systems Up To Date
Monthly and weekly patching cadences put your organization at far greater risk to a data breach.
Instead, businesses should adopt a continuous vulnerability management program where systems are scanned and patched daily for discovered vulnerabilities.
This significantly reduces the risk to an organization by shortening the time a known exploitable vulnerability sits on your network.
Threat actors are searching for the lowest hanging fruit to maximize their revenue. Systems that have known exploitable vulnerabilities are exactly what they’re searching for.
With the proliferation of automation and now AI, the entire process of encrypting an organization takes under 45 minutes, with a median time of just under 6 minutes.
Stop ransomware while preventing lateral movement across your network.
6. Regularly Back Up Data
Regular data backup involves creating copies of data stored in various formats:
- Cloud backups offer accessibility and convenience, yet they’re not immune to cyber threats that can corrupt data.
- Physical and local backups, while readily available, can suffer from onsite risks like theft or damage.
- Offsite backups, both stored in physical and digital formats, provide additional security but may have slower recovery times.
However, relying on a single backup method can be risky. For instance, cloud services, if compromised, can lead to restored data still harboring malware.
Despite 92% of businesses having backups, 31% fail to restore data during a ransomware attack, often due to not implementing multiple backup methods or regular updates.
Having a multifaceted backup strategy enhances security by ensuring that if one is compromised, others remain intact.
Regular updates and testing of these backups also ensure they are free from malware and are operating as expected.
7. Have A Disaster Recovery Plan
Having a Disaster Recovery (DR) Plan is essential given that 96% of organizations experienced at least one downtime incident from 2019 to 2022.
An effective DR Plan should include:
- Defined Tolerance for Downtime and Data Loss: Setting recovery time objectives (RTO) and recovery point objectives (RPO) helps determine your business’s tolerance for downtime and data loss.
- A Trained DR Team: Assigns specific tasks during a crisis, managing communications and ensuring everyone knows the emergency response policies.
- Alternative Workspaces: In the event of office inaccessibility, having remote work plans keeps the business operational.
- Remote Access: Secure technologies like VPN and SSH ensure safe access to company data from outside the company network.
- Secure Backups: Implementing a 3-2-1 backup strategy, where data is backed up in three different forms, two on different media, and one off-site or in the cloud, is critical for data recovery.
- Comprehensive Testing Strategy: Regular testing of the DR plan ensures its effectiveness in actual disaster scenarios.
8. Perform Red Team Or Table Top Exercises
An alarming 70% of small and medium businesses feel unprepared for a cyberattack. Conducting Red Team or Table Top exercises may provide a solution.
In a red team engagement, an organization’s preparedness is tested against a variety of threats to identify security gaps aimed at improving its overall security posture.
In a recent report, 55% of respondents identify ransomware readiness as the most impactful benefit of Red Team exercises.
Upper management’s exclusive awareness of these simulations ensures that IT and security teams react genuinely, mirroring their response in a real crisis.
Table Top exercises focus on how an organization’s leadership reacts to simulated attacks.
This combination offers a thorough assessment of both the technical and procedural aspects of an organization’s cybersecurity readiness.
9. Work With A Virtual CISO
Working with a virtual CISO (vCISO) is a strategic decision for small businesses to strengthen their security posture.
vCISOs deliver high trust and deep experience, bringing a broad range of proficiencies and historical knowledge across industries.
A key responsibility of a vCISO is to design and implement effective response plans, ensuring that they are regularly reviewed and tested for readiness against security incidents, such as ransomware.
By collaborating with internal security teams, a vCISO provides insights into cybersecurity risks and enables management to make informed, data-driven decisions.
In addition, a vCISO is a cost effective resource, fulfilling security leadership roles without the administrative hurdles and costs of hiring a full-time employee.
10. Use Strong Password Policies And Management Tools
Threat actors frequently exploit weak passwords to gain access to key systems and then deploy malware onto systems to gain full control.
Password dumper malware, a type of malicious software designed to extract and steal passwords stored on a victim’s computer or network, was responsible for 40% of malware-related breaches in 2020.
Once threat actors have escalated their privileges and lock out admin access, they can begin to encrypt your data and demand a ransom payment.
Developing a strong password policy is one layer of security that can help prevent initial access to your account. However, social engineering techniques can easily bypass these methods.
With that said, it’s recommended that your organization enforce strict password policies including:
- Use of complex passwords with a minimum length.
- Regularly changing passwords every 60 to 90 days.
- No use of personal information such as birthdays or names.
- No use of common words or phrases like password or 123456.
- Avoiding the reuse of passwords across different accounts.
- Preventing reuse of the last 5 or 10 passwords.
- Developing a secure password reset procedure.
- Maintaining a blacklist of prohibited passwords.
Password managers, like Dashlane Business, can help simplify the administration and enforcement of these policies across systems and use some of the highest encryption standards to prevent access from threat actors.
How SecureTrust Protects Small Businesses From Ransomware
SecureTrust addresses ransomware protection and prevention for small businesses through an affordable subscription-based model.
Implementation is easy with a 10 minute setup designed to get you back to work while seamlessly protecting your organization 24/7.
These services are fully managed by DoD trained experts who work with your business to monitor, detect, respond, and proactively hunt for threats on your network.
Our Extended Threat Protection (XTP) services provide 3 factor authentication proven to reduce credential threat risk by 99.9% while reducing IT support tickets by 75% by simplifying password policies.
Our microsegementation solution leverages Secure Access Service Edge (SASE) technologies delivered through Helios Cloud™ to provide comprehensive network security.
Finally, SecureTrust takes a continuous approach to vulnerability management ensuring all network connected devices, whether onsite or remote, are up to date with the latest security patches.
With SecureTrust, small businesses can confidently navigate the complex landscape of cybersecurity, ensuring your data and operations are safeguarded against the growing threat of ransomware.
Stop ransomware while preventing lateral movement across your network.