Top-to-bottom business awareness, employee education, multi-layered security protection, and proper business continuity planning continue to be a much needed prescription for avoiding the number one malware threat to SMBs.
As one menace to business livelihood (the COVID-19 pandemic) dominates headlines, another continues to lurk in the shadows as a significant threat to businesses of all sizes — ransomware.
Datto recently released its annual “Global State of the Channel Ransomware Report.” Based on statistics compiled based on a survey of more than 1,000 Managed Service Providers, the report provides unique visibility into the state of ransomware from the perspective of the IT channel and MSPs around the world. It also covers the impact that COVID-19 and the increase in remote work, and cloud computing, has had on ransomware trends.
Largely, the story remains unchanged. Top-to-bottom business awareness, employee education, multi-layered security protection, and proper business continuity planning continue to be a much needed prescription for avoiding the number one malware threat to SMBs.
6 Takeaways from the 2020 Datto Ransomware Report:
1. Attacks increased due to COVID-19, but not convincingly.
Many MSPs reported that the number of ransomware attacks and security vulnerabilities increased during COVID-19 due to an increase in remote work and cloud computing. However, it wasn’t an overwhelming increase — more of an even split between those who saw an increase and those who did not.
59 percent of SMBs said remote work due to COVID-19 resulted in increased ransomware attacks. Meanwhile, 52 percent of MSPs reported that shifting client workloads to the cloud came with increased security vulnerabilities. These can be attributed to end user carelessness and BYOD-related vulnerabilities.
2. Ransomware still reigns supreme.
Nearly 70 percent of MSPs report ransomware as the most common malware threat to SMBs.
However, respondents reported a slight decline in the frequency of attacks. 78% of MSPs reported attacks on their clients in the past two years, down from 85% last year. That being said, ransomware is still a very real threat with 60% of MSPs seeing attacks in the first half of 2020.
Additionally, as the global economy continues to recover, 92 percent of MSPs predict that attacks will increase in the next year.
3. Awareness is on the rise.
According to the report, while there’s still a disconnect between SMBs and MSPs when it comes to ransomware readiness, SMBs are beginning to take note of the serious consequences at stake with ransomware.
According to the report, 30 percent of MSPs report SMBs are “very concerned” about ransomware, a number slightly up from the year before. Perhaps more telling? 50 percent of MSPs report their clients increased budget for IT security in 2020.
4. Yet, end user education still suffers.
While IT spend increases, end user education remains a missing piece to the ransomware prevention puzzle. When asked the leading causes of ransomware attacks reported by MSPs, the top three listed were Phishing emails, poor uses practices/gullibility and lack of cybersecurity training.
All three of these cases point back to end user education and the necessary training it takes to effectively eliminate SMBs from taking the “bait.”
5. The cost of downtime is tremendous.
The ransom attached to a ransomware attack is costly, but it pales in comparison to the cost of downtime. In fact, MSPs report the cost of downtime is nearly 50X greater than the ransom requested.
The average cost of downtime in 2018 was $46,800, and that number grew to an average of $274,200 in 2020. In other words, MSPs reported that the average downtime cost per incident has increased by 94% from 2019 and a staggering 486% from 2018.
According to the report, “This may mean that downtime costs have increased, or it could mean that MSPs are getting better at calculating the real costs of downtime. Either way, it’s clear that MSPs understand that the damage associated with business downtime is far more costly than the actual ransom.”
6. A business continuity strategy is imminent.
91 percent of MSPs said clients with a Business Continuity/Disaster Recovery (BCDR) plan and strategy in place are less likely to experience significant downtime from ransomware. Among the most effective solutions to combat ransomware, following BCDR, were employee training, endpoint detection and response platform, and patch management.
“Once again, survey data shows that there is no surefire way of preventing ransomware attacks, even with proper security solutions in place. That’s why business continuity was ranked the number one solution tocombat attacks again this year,” The report states.
Interested in reading further? Click below to download the full report!