There was no economic slowdown for cyber criminals. Already working remotely, they have continued to refine their tactics and improve their techniques for trolling small and midsize businesses (SMBs) for ransomware opportunities. The remote workforce only enhances their opportunities as the work-from-home trend brought on by the pandemic puts workers on their home networks, potentially beyond the security of a VPN. With all the challenges associated with navigating the pandemic, getting hit with a ransomware attack could not come at a worse time. A cyber attack can take your business down as sudden as a heart attack.
The good news is that SMBs continue to take positive steps forward in preparing for and defending against attacks. Analysis of the Q4 2020 Vistage CEO Confidence Index survey revealed other improvements — now 49% of SMBs report having an active, up-to-date cybersecurity plan in place, up 11 percentage points since 2017. The bad news is that 51% of SMBs are still vulnerable and exposed at some level. And just because you have a plan in place doesn’t guarantee you won’t get hit.
The best line of defense with ransomware is to be on the offense. According to Joseph Beaulieu, CEO of eStrategic Technical Solutions, “2020 saw the highest attack rate yet and in late 2019 more money was paid to bad actors than ever before at $84,116 — a 200% increase year over year.” If that financial impact is not concerning enough, he adds, “server downtime costs a company on average an additional $274,000 per attack, making it a costly year for those businesses impacted.”
To provide additional context, Beaulieu points out that in 2019, 50% of all cyber attacks were against small and midsize businesses — “that resulted in a successful attack rate of 69%,” he says.
The threat is real for all companies. With so many businesses moving to a distributed workforce in 2020, their guard was down, and these numbers show it. It is more important for CEOs now than ever before to be ready for when, not if, the attack hits your business. How they prepare for such an attack will determine how quickly they can recover from the attack as well as mitigate the cost to the business.
Beaulieu shares the following guidance for CEOs on how to best prepare their cyber defense, which starts with prevention. These steps will first, help prevent an attack and secondly, help minimize downtime if an attack is successful. “It is important to note that it is impossible to 100% guarantee that attacks will not happen with proper cyber security postures in place but a good defense will reduce the risk greatly,” says Beaulieu.
By having a plan in place to protect against ransomware and other unforeseen circumstances, you can minimize the impact of the downtime to the company and eliminate the need to pay ransomware.
Joseph Beaulieu, CEO of eStrategic Technical Solutions, has over a decade of experience providing advice to both private and public sector businesses small and large. He has lead and architected mission critical projects for the U.S. government, and has identified, consulted, and developed solutions for a small business looking to break the $10M threshold without having to add to the labor count. His ability to analytically identify process gaps and recommend IT solutions to fill the void provides businesses a unique advantage when looking to remain competitive without having to increase their overhead.