Small and medium-sized businesses (SMBs) are increasingly in the crosshairs of ransomware gangs, an escalating cyber threat that could prove existential. According to recent data, more than half of the ransomware attacks by the notorious LockBit ransomware group in 2023 targeted companies with fewer than 200 employees.
And there’s another harsh reality – 3 in 4 of these smaller firms would likely shut down permanently if forced to pay a ransom demand. The combination of the ransom payment itself and the crippling disruption to business operations would simply be too devastating for many organizations to withstand financially.
Small businesses often lack the resources and personnel to implement the same robust cybersecurity defenses enterprises have. And, while the investment in data protection software may seem cost prohibitive, the consequences of not implementing it can’t be overstated. The fact is that SMBs can no longer afford to deprioritize cyber resilience.
Data security threats like ransomware rank as the No. 1 risk for nearly half of SMBs. Perhaps more alarmingly, nearly two-thirds have already suffered a successful ransomware attack in which bad actors breached their systems in the past two years alone. This highlights just how pervasive and indiscriminate the ransomware danger has become across all IT environments: on-premises data centers, private and public clouds and edge computing.
While many companies are making progress in increasing their cybersecurity investments, nearly a third still do not have a comprehensive data recovery plan in place, leaving them exceptionally vulnerable. Having a thoroughly developed – and rehearsed – action plan to swiftly recover from a ransomware incident is absolutely critical to limiting damages and ensuring business continuity.
The basics
To fortify their defenses and ensure resiliency, SMBs should take a multi-layered approach with at least the following elements:
- Robust backup and recovery. This enables swift recovery after an attack. For SMBs, this could involve a combination of on-premises plus cloud backup and recovery services. Backups should follow the 3-2-1 strategy: maintain at least three up-to-date copies of the data (production plus two backups) on at least two different storage media, with at least one copy offsite. Because modern ransomware deliberately seeks out backup servers and connected backup shares, the offsite copy should not be reachable with the same credentials as production, and restores should be tested regularly rather than assumed to work.
- Deploy advanced endpoint protection and threat detection. Consider managed detection and response (MDR) services to augment limited in-house security teams. Implement security information and event management (SIEM) to improve the visibility of threats across endpoints, servers and cloud services.
- Develop detailed incident response plans and rehearse frequently. Document clear procedures for containing threats, notifying stakeholders and recovering systems and data. Conduct quarterly full rehearsals of ransomware incident scenarios.
- Maintain strict discipline in patching software. Automate patch management across all devices, servers and software to fix known vulnerabilities. Use authenticated vulnerability scanning to discover unpatched systems and applications.
- Invest in ongoing cybersecurity awareness training. Build a security-aware culture through mandatory security training for all staff. Include examples of real-world phishing and social engineering attacks in this training.
Advanced strategies
The use of immutable backup solutions is one of the most critical advanced strategies an SMB can take to secure its systems and data. These backups create copies of data that cannot be altered or deleted for a defined retention period, even by privileged users. Ransomware can still encrypt production systems, but it cannot encrypt, overwrite or delete the immutable copies, so the attackers lose the leverage of holding the only copy of the data hostage. Two details determine whether that guarantee holds in practice: the retention period must be longer than the time an intruder typically spends in the network before the encryption is noticed, and the lock must be of a kind that no administrative credential can shorten, since credentials for the backup console are a common target. By ensuring the ability to quickly restore systems to a known clean state, immutable backups can significantly improve an organization's resilience and recovery capabilities.
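The 3-2-1 rule from the basics list and the retention-window point above are both things that can be checked mechanically against a backup inventory. The following script is an added example written for this article, not Veritas or Backup Exec code; the inventory, digests and timestamps are constructed, and the thresholds (a 24-hour recovery point window and a 14-day minimum lock) are illustrative assumptions, not a standard.

```python
"""Audit a backup inventory against the 3-2-1 rule plus an immutability window.

Added example; the inventory below is constructed, not real telemetry.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str                          # "disk", "tape", "object-storage", ...
    offsite: bool
    created: datetime
    sha256: str                          # digest of the backup set this copy holds
    immutable_until: Optional[datetime]  # None: no WORM / retention-lock protection


def audit(copies: List[BackupCopy], now: datetime,
          max_age: timedelta = timedelta(hours=24),
          min_lock: timedelta = timedelta(days=14)) -> List[str]:
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []

    # "Up-to-date": only copies inside the recovery point window count at all.
    fresh = [c for c in copies if now - c.created <= max_age]
    stale = [c.name for c in copies if c not in fresh]
    if stale:
        findings.append(f"stale copies ignored: {', '.join(stale)}")

    # 3: at least three current copies.
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} current copies, need 3")

    # 2: two different media types, so one failure or one encrypting host cannot reach every copy.
    if len({c.medium for c in fresh}) < 2:
        findings.append("all current copies share one medium type")

    # 1: at least one offsite copy.
    if not any(c.offsite for c in fresh):
        findings.append("no current offsite copy")

    # Replicas of the same nightly set must match; a divergent digest is a corrupt or tampered copy.
    if len({c.sha256 for c in fresh}) > 1:
        findings.append("digest mismatch between current copies")

    # Immutability: at least one current copy must stay locked for the whole recovery window.
    if not any(c.immutable_until and c.immutable_until - now >= min_lock for c in fresh):
        findings.append(f"no current copy is locked for at least {min_lock.days} days")

    return findings


# Constructed sample data (hypothetical hosts and a placeholder digest).
NOW = datetime(2024, 6, 1, 6, 0, tzinfo=timezone.utc)
SET = "a3f1c0de" * 8

GOOD = [
    BackupCopy("nas-primary", "disk", False, NOW - timedelta(hours=2), SET, None),
    BackupCopy("tape-vault", "tape", True, NOW - timedelta(hours=5), SET, NOW + timedelta(days=90)),
    BackupCopy("s3-locked", "object-storage", True, NOW - timedelta(hours=1), SET, NOW + timedelta(days=30)),
]

# Looks like three copies on paper, but two are the same medium on site and the offsite one is a week old.
BAD = [
    BackupCopy("nas-primary", "disk", False, NOW - timedelta(hours=2), SET, None),
    BackupCopy("nas-replica", "disk", False, NOW - timedelta(hours=2), SET, None),
    BackupCopy("s3-weekly", "object-storage", True, NOW - timedelta(days=6), SET, NOW + timedelta(days=30)),
]

if __name__ == "__main__":
    for label, inventory in (("good", GOOD), ("bad", BAD)):
        print(label, audit(inventory, NOW) or ["pass"])
```

The point of the second inventory is that a count of three is not the rule: once the stale weekly copy is excluded, the SMB is left with two copies on one medium, on one site, with nothing locked, which is exactly the position a ransomware operator wants to find.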
Another strategy is air-gapping – physically isolating critical systems and backups from the main network. Because the isolated copy is not reachable from the compromised environment, an attacker who has moved laterally through the network cannot reach it. Many products offer a logical rather than physical air gap, in which the backup target is connected only during backup windows; that is still valuable, but only if the disconnected state is actually enforced when no backup is running. Combined with robust backup and recovery processes, air-gapping is an effective way to protect an organization's most sensitive data and systems.
Zero-trust security models assume no user or device is inherently trustworthy, requiring continuous verification and authorization. By eliminating implicit trust, organizations can significantly reduce their attack surface and improve their overall security posture. Closely related to zero trust is the strategy of “limited trusted devices,” which restricts access to approved, managed devices to further minimize the potential attack surface.
A security-first mindset
It’s clear that a laid-back, reactive approach to ransomware preparedness is no longer acceptable for SMBs hoping to survive in today’s hostile cyber landscape. With a mind-boggling 15% of organizations reporting that the current elevated threat level poses an existential risk that could force them out of business in the next 12 months, business owners cannot afford to be complacent.
While no security measure can 100% guarantee prevention, taking these proactive steps can substantially improve an SMB’s cyber resilience and its ability to recover swiftly from a ransomware incident. It only takes one successful attack to do significant damage. Prioritizing cyber resilience could be the difference between joining the growing list of companies forced to shutter their operations and those who successfully navigate the threat landscape.
Simon Jelley is the vice president and general manager for data protection as a service and Backup Exec, Veritas Technologies.
Ransomware stock image by Max Acronym/Shutterstock