Ransomware Threat to SMBs

Over the last year, ransomware has unfortunately been a threat we are becoming increasingly aware of and want to prevent, impacting every sector as attacks increase in frequency and sophistication all the time.

A report of Checkpoint research says, few small and medium sized businesses realise they are just at risk, if not more so than larger enterprises. In fact, in 2022 alone, 61% of all cyberattacks were aimed at small businesses.

The importance of SMBs in India cannot be ignored where the Ministry of State for Micro Small and Medium Enterprises stated that MSMEs contributed to 35.98 percent of India’s total manufacturing output in 2020-21, with MSMEs providing employment to about 111 million persons in India and contributing to approximately 50 percent of overall exports from the country. Infact MSMEs account for 27 percent of India’s GDP and serves as the backbone of the economy according a recent Assocham-Crisil report.

Part of the appeal for these cyberattacks on SMBs is that SMBs retain a wealth of confidential information from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom.

The initial cost of a ransomware attack can be crippling, not to mention the additional fines SMB companies may be subject to if confidentiality laws are breached. Adding to that the loss of customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be.

It is time to Control the use of USB sticks and external hard drives

SMBs expect 40% of employees to continue working remotely for at least part of the week. Ensuring their security is managed correctly should be your highest priority. For example, we’ve all been tempted to transfer files between colleagues or organisations using an external memory stick or USB drive, but it only takes one unsecure device to compromise an entire network.

When these sticks and drives are openly shared, it becomes increasingly difficult to track the files they contain. On top of this, how do you know who has used the device previously and where it has come from? Using endpoint protection tools, blocking access to physical ports and only allowing the use of approved sticks or memory cards can all reduce the likelihood of a breach.

Secondly, don’t backup data to your main server

Often companies are lulled into a false sense of security because they have a back-up somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack.

Instead, organisations should identify essential data that your business cannot function without and have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to act now before an attack occurs. Your cybersecurity strategy isn’t a one-off project, it needs to be agile so that it can adapt as the threat landscape changes.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA