SMBs account for 99% of all businesses in the USA, and create 1.5 million new jobs every year, 64% of the total. This means that SMBs are a true economic powerhouse in the States. Although many of these companies believe that they are too small to be attacked by cybercriminals, almost half of all cyberattacks in the world target this kind of business.

SMBs and ransomware

According to a recent study, SMBs still have a lot of work to do when it comes to protecting against ransomware. To reach this conclusion, Infrascale interviewed over 500 C-level executives in SMBs. The results shed some light on the attitudes of this business segment towards ransomware attacks.

The most striking statistic is the fact that almost half (46%) of the SMBs surveyed have experienced a ransomware attack. However, the kind of SMB has an effect on this number. Among the SMBs in the B2B sector, 55% have fallen victim to a ransomware attack, while in the B2C sector, it falls to 36%.

Whether the SMB is B2B or B2C also has an effect on how prepared the company is to deal with ransomware. While in general, 83% of SMBs feel prepared for a ransomware attack, in the B2B sector, the figure is 87%, while in B2C, it is just 77%. For the 17% of SMBs that do not feel prepared for ransomware, the principal obstacles are time and resources.

Thirty-two percent of SMBs say that they do not have enough time to research ransomware mitigation strategies. The same percentage said that their IT teams were so stretched that they do not have enough resources to deal with the ransomware threat.

Paying the ransom offers no guarantees

Being unprepared for a ransomware attack can turn out to be very expensive for an SMB, especially if it decides to pay the ransom. Among the SMBs that have suffered a ransomware attack in the B2B sector, 78% paid the ransom demanded by the cyberattacker; in the B2C sector, 63% of organizations too the same decision.

This is not a cheap option: 43% of SMBs that have paid a ransom paid between $10,000 and $50,000. Thirteen percent of those that chose to pay the ransom were forced to pay over $100,000.

Among the SMBs that haven’t paid a ransom, 26% would consider paying one to get their data back. Sixty percent of organizations say that they would choose this option to recover their files quickly, while 53% say they would pay to avoid the reputational damage related to data protection and data recovery efforts.

However, even if the company chooses to pay up (an option that Panda and other experts strongly advise against), there is no guarantee that the organization will recover its data: 17% of companies that have paid a ransom say that they only recovered part of the data lost in the attack.

How to avoid ransomware in SMBs

Even though 72% of SMBs have a plan to mitigate ransomware attacks, it is not enough. Those with no plan are exposing their data to unnecessary risk, as well as endangering their clients and partners. This is why it is so important that measures be taken to stop ransomware affecting SMBs.

The first step is to properly protect email, which is the attack vector for 91% of all cyberattacks. To stop a phishing email from leading to a ransomware attack, never open links or attachments from unknown senders.

Another point of entry that needs to be monitored are RDP (Remote Desktop Protocol) connections. Ever since a large percentage of the workforce has been working from home, these connections have become vital. However, they are also a popular target for cyberattackers: every day there are a million brute force attacks against this protocol. RDP connections are the first step in 63% of ransomware attacks.

To protect against these kinds of incidents, it is also vital to have an advanced cybersecurity solution. Panda Adaptive Defense stops any unknown process until it can determine whether or not it is malicious. What’s more, it also monitors all endpoint activity, and thus knows exactly what is happening on the system at all times. This way, no advanced cyberattack targeting companies, even ransomware, can run on protected computers.

Using the right tools for each company is a must to keep computers safe. Protect your SMB with Panda Security.