With cyberattacks on the rise, businesses are scrambling to shore up their cyber security. But there’s one important piece of the puzzle that is often overlooked — data backup and recovery (DBR). While DBR can’t prevent a cyber attack from occurring, it can get you back up and running quickly and remove the need to consider paying a ransom to recover your data.
Cyber criminals don’t discriminate. They target small companies as well as large companies and they don’t care that their intrusions could be affecting the health or future of individuals. They just want to cripple businesses and institutions — sometimes for political reasons but usually for the ransom money. Here are just a few ways cyber attacks have caused havoc in the last year:
- Ambulances were diverted to the wrong hospitals, with at least one diversion proving fatal.
- One United States city had its entire IT shut down, taking more than six months to fully recover.
- Data files at educational institutions were encrypted. Students’ information was also locked.
- Not only did companies pay heavy ransoms, they also incurred heavy fines for paying those ransoms to foreign companies which are on government block lists. (They appeared to be US companies but were not.)
Ransomware Recovery Statistics
Statistics from Sophos, a company that makes antivirus and encryption products, state that 37 percent of companies worldwide (and 51 percent in the U.S.) were hit with a ransomware attack in 2021. Of those attacked:
- 96 percent got their data back.
- 32 percent recovered their data by paying the ransom.
- 57 percent recovered their data by restoring their backups.
- 8 percent recovered their data through other means.
Paying the ransom is NOT a good option. Aside from the cost, there are no guarantees that the decryption key provided after the ransom is paid will actually work. Then there is the additional threat of incurring OFAC (Office of Foreign Assets Control) fines or other government penalties related to paying ransoms. Creating prevention measures is the most economical and practical way to protect your data.
The Impact on Small and Medium Sized Businesses
Small businesses are becoming favorite targets for these attacks, though criminals are attacking them in addition to large businesses, not instead of them. Unfortunately, small businesses are less resilient when attacked, with 60 percent of them going out of business within six months, according to National Security Alliance research.
Cybercriminals find small businesses easier to target because they consider them to be “soft” targets, primarily because these businesses often have no defensive plans to prevent attacks. According to a survey of small and medium-sized businesses (SMBs):
- More than 50 percent report being the victim of cyber crime.
- It takes an average of 66 days before a cyber attack is detected.
- The average cost of a data breach for SMBs is $149,000 with ransomware attacks averaging $133,000.
- 75 percent of small business owners report not having a data backup and recovery plan in place.
That’s a hard lesson for all businesses, but especially medium and small ones.
High Risk Industries
Recent years have shown that there is no such thing as an industry immune to cyber attacks. Municipalities, schools and even hospitals have been targeted. Like small businesses, these industries have been behind the curve in implementing cyber security and are therefore considered “easy targets.” In the Sophos 2021 State of Ransomware report, the following industries were at higher than average risk:
- Business and professional services
- Central governments and government-related entities
Form a Data Backup and Recovery Plan (DBR)
Whether your business is large or small, a municipality, medical organization or educational institution, know that when you work with a managed service provider (MSP) such as SkyTerra, you will have fewer work headaches and less financial loss than if you succumb to ransomware demands.
As part of our overall IT support and cyber security services, SkyTerra will guide you through implementing the following ransomware attack prevention recommendations:
- Make backups a priority. If you don’t have a plan in place, you need one — yesterday. Put it on the front burner and keep the heat on high until it’s done.
- Streamline your backup solutions. Having 10 different backup vendors for each type of data is just going to confuse everyone — not to mention cost more. Your MSP, in conjunction with your staff, can develop a disaster recovery plan that works for your business and your budget.
- Educate your staff to spot potential problems. Not every email is legit even if it looks like it’s coming from someone you worked with before and trust. It could contain a worm or other malware to compromise your data. Teach employees to spot suspicious emails, texts and social posts. The right MSP will provide comprehensive cybersecurity training as part of their IT support.
If you choose not to hire an MSP, assign a member of your staff to review the latest trends in malicious attacks. Then have them pass on that knowledge to colleagues. But keep in mind this is a full-time job. It’s hard to stay on top of trends, even for security professionals.
- Get ransomware protections: Complete endpoint protection, including a firewall, antivirus and/or anti-malware on each device that has access to your data, is an absolute necessity. Make sure your MSP is using next-gen EDR (endpoint detection and response).
- Simulate cyber attacks using emails or texts. Simulations are one of the best training tools available. They identify weaknesses, but they are difficult to carry out, especially in a business without a large in-house IT team. Training is one of SkyTerra’s specialties.
Of course, the cyber security needs of your company are unique, but you don’t have to figure them out on your own. We’re here to help. Contact us or book a meeting for a free, no-pressure consultation.