Six Ransomware Misconceptions Oneonta Businesses Tend to Have

Ransomware, ransomware, ransomware. Every day the news reports of a company, a hospital, or even a city getting hit with a cyberattack. It is to the point where it is becoming “background noise”. Unfortunately, many business owners have reached the point where they have begun to tune out the warnings and are lowering their defenses, exposing themselves to risk. Here are 5 misconceptions local businesses have regarding ransomware.

Are You Tired of Hearing About Ransomware?

As ransomware continues to dominate the news, it’s easy to be desensitized. It’s no surprise, considering since 2016, there have been 4,000 ransomware attacks in the US every day. Companies are deluged with information about ransomware attacks. 

Unfortunately, familiarity breeds contempt, and while many businesses have seen an increasing amount of press about the dangers of ransomware, some remain unconvinced.

They aren’t alone. Cyberattacks, in general, are exhausting and are often reported in a way that makes them uninteresting or unsubstantial. Granted, every month or two we see a big attack that causes a tangible stir, but it's easy to assume that you won’t be targeted because the result won’t lead to some big catastrophe for the rest of the world. A small business in Oneonta getting hacked won’t drive up gas prices, so why would you be targeted?

That’s the problem though—most of these attacks aren’t high-profile, but they are still devastating for the target.

By The Numbers: 6 Ransomware Misconceptions Your Business Probably Has

• 1. MYTH: A Ransomware attack isn't that big of a deal.

How long could your business survive without accessing ANY of your data? The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2021). Your downtime will, of course, depend on a variety of factors. How prepared were you? How many workstations are affected? For example, according to Acronis, a successful ransomware attack will infect at least 20 computers in the organization.

Additional factors include if you had a backup and if your customers or vendors retain confidence that you can protect their data. If you're like most small to medium-sized businesses, being unable to generate an income for nearly a month would drastically affect your bottom line. Not to mention losing a significant number of customers and vendors who lose confidence in your business.

• 2. MYTH: Spam is something you can live with.

Besides being a resource hog, spam is also a vector for ransomware via phishing. If you're like most businesses, you haven't trained your team to recognize phishing or what to do when they receive it. About 1 in 6,000 emails contain suspicious URLs, including ransomware. The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. (Cybersecurity & Infrastructure Security Agency, 2021)

• 3. MYTH: Remote work and BYOD means ransomware isn’t an issue.

Never forget, unless you train your team on best practices, they will default to the techniques they use in their personal lives. Since 65% of employers allow their employees to access company applications from unmanaged, personal devices. (Bitglass, 2020), there is a strong chance that team members will expose themselves and your network to cyberattack.

• 4. MYTH: If I pay the ransom, the problem will go away.

As reported by Cybereason, 2021, a survey showed that 80% of victims who submitted a ransom payment experienced another attack soon after. 46% found most of it was corrupted and therefore unusable for those who regained access to their data. 

Here’s the thing; there are McDonald's restaurants just about everywhere you go in America because no matter where you put one, a McDonald’s tends to be profitable. Ransomware is the same way. The reason ransomware has been such a common threat the last few years is because it works for the cybercriminal. They are making money because businesses end up paying the ransom. If it continues to make money for hackers, they aren’t going to stop. Paying the ransom just keeps perpetuating the issue.

• 5. MYTH: I have business insurance, so I’m good to go.

Even if your business insurance covers ransomware attacks, how much does it cover? According to Cybereason, 2021, 42% of companies with cyber insurance policies noted that their insurance only covered a small part of the damages a ransomware attack inflicted upon their business. How much would it cost to pay out of pocket to have your data recovered, if possible to do so, or to pay any fines because you failed to protect your data?

• 6. MYTH: My company is just a small business in central New York, I’m not a target.

This is the one we hear the most. It doesn’t matter how big or small you are, or what your circle of influence looks like. If you have computers, you are a target. If you are connected to the Internet, you are a target. While some ransomware attacks are carefully targeted, the majority are blasted out to lists of hundreds of thousands of email addresses. There are automated bots on the Internet that seek out contact forms on websites and fill them out with fake messages trying to trick businesses into downloading malware and ransomware. There is nothing about the size or location of your business that is going to prevent you from being targeted. 

As an Oneonta Business, You’re a Prime Target for a Ransomware Attack

While we have provided a healthy dose of statistical information, the most important numbers to consider is that 43% of cyberattacks target small businesses and that 60% of small businesses that are victims of a cyberattack go out of business within six months. Since most companies are small to medium-sized companies, the chances that you will be a target sooner or later is a statistical probability. It’s more likely you will be targeted if you continue to treat ransomware as something that happens to other businesses. 

It is critical for smaller businesses to understand and accept that no business is too small for a cyberattack. In today’s connected business environment, there is a strong possibility that a smaller business will have some connection to a larger one, and that makes them targets as they often haven’t invested the resources to protect their data… a fact that cybercriminals expect and rely on. Businesses are no longer islands unto themselves, and must enable processes to protect their data from gaps which may expose it when they connect to other businesses.

These processes include, but are not limited to: 2FA, access privileges, and training your team to recognize phishing and report breaches and suspicious activity. If you’re not sure of how to protect your organization, we can help. Call 607.433.2200 today to schedule an appointment and give your business the cybersecurity tools needed to protect your data.