Cybersecurity
Ransomware coming for SMEs
Research by Veeam and insights from Trend Micro highlight the profits to be made from small businesses by hackers, writes ARTHUR GOLDSTUCK.
A recent research study by global data management provider Veeam Software among 1,200 IT leaders concluded that it was not a question of whether organisations would be targeted by cyber-attacks, but how often. Most of the attacks were designed to extract ransoms from the companies, and most companies paid up, thanks to insurance covering just this eventuality. Globally, said Veeam, 77% of ransoms were paid by insurance, but this figure rose to 82% of cyber-victims in Europe, the Middle East and Africa.
Fortunately for these companies, most of them were insured for the eventuality. Unfortunately for them, the cost of that insurance is rising steeply, and ransomware cover is increasingly being excluded from cyber insurance policies.
As challenging as this is for large enterprises that make juicy targets for hackers, spare a thought for smaller businesses that simply cannot afford this kind of insurance. And now, according to cybersecurity provider Trend Micro, the criminals are turning their aim squarely onto small and medium enterprises (SMEs).
“Attack surfaces are expanding and increasing cyber risk at organisations of all sizes,” said Gareth Redelinghuys, Trend Micro MD for Africa, during the recent Johannesburg leg of the company’s Risk to Resilience cybersecurity world tour. “Trend research has shown that many executives don’t fully understand what resources their security teams need to discover and mitigate vulnerabilities.”
This is an even greater challenge for SMEs, and in particular start-ups, said Dr Moataz BinAli, Trend Micro regional vice president and managing director for the Mediterranean, Middle East and Africa.
Why would hackers attack small businesses or startups with their tiny revenue streams, as opposed to large enterprises that are worth billions and often rely on their insurers to pay up? On the surface, it would appear that the return on investment (ROI), so to speak, would not make smaller targets viable for cyber criminals.
BinAli had a fascinating perspective on the topic.
He told us: “The unique thing about the Middle East and Africa region is the sheer number of startups that are coming up every day. For a very long time, we were behind the curve when it came to entrepreneurship and startups. After Covid, the region has to some extent had an awakening, and startups, entrepreneurs, started popping up everywhere, in every single industry, on every single topic.
“Most of the startups are in one way or the other technology-related. If they don’t have technology as a core, they have technology as a support factor. And the more technology comes up, the more you’re prone to have issues in cybersecurity. New technologies mean new loopholes, mean new threats, mean new vulnerabilities every day.”
Clearly, the SME, the entrepreneur and the startup are more vulnerable than large organisations, because they don’t have large teams to manage their cybersecurity infrastructure. They also tend not to put capital investment into cybersecurity, versus their core business. But there is an even more potent reason for them coming under attack at a scale never seen before.
“With the sheer numbers of vulnerable startups coming up, their quantities have just become so large that, from an attack perspective, the ROI makes sense. So if I develop ransomware right now, the ROI is that it could reach a thousand startups. For me, if I was a criminal, that is better than the ROI coming from me attacking one organisation.”
And then there is the final, fatal attraction: “Moreover, all of these startups have something that a lot of other big organisations don’t, which is the open connectivity between them. Their technologies are not usually 100% separate. They piggyback on top of each other’s developments and technologies. So at one stage, if you hit one, you hit 10. And if you hit 10, you actually end up hitting 1,000.
“Startups are ripe for ransomware.”
Chris Norton, regional director for Africa at Veeam Software, says: “Start-ups are often viewed to be as lucrative as big companies by cyber criminals and therefore need to put ransomware resilience at the top of their agenda in the same way that larger businesses do. In addition, SMEs are often part of larger firms’ supply chains, so protecting themselves from cyber-attacks can be critical for retaining business as well as winning new clients.”
Norton’s advice to SMEs is the old saying that the “best line of defence is a strong offence”.
“A key tactic to surviving a ransomware attack is to make immutable backup repositories that cannot be deleted or corrupted and which are the basis of a fast, reliable recovery to get business up and running again quickly. It’s more cost-effective to put these measures in place as part of IT policy upfront than it is to retrofit them. It’s also much cheaper when compared with the losses associated with ransomware attacks.
“Small businesses require integrated technology solutions that help them manage and restore complex data, which is ultimately the livelihood of their business. The bottom line is that small businesses must be able to protect vital data – and with ease. However, the reality is that they often have fewer resources to fall back on, with potentially reduced built-in financial or systemic resilience to help them through. This is why SMEs need to make the most of technology that they can instantly benefit from without sacrificing time and resources that could be spent on other business areas.”
Fortunately, he says, there are cost-effective software solutions that provide this data protection as well as access to the skills that SMEs may not have in-house.
“This means they can confidently protect and, if needed, restore lost data anytime, anywhere with built-in data resilience, security and recoverability. No business can afford the loss of productivity, customers and revenues associated with ransomware attacks, but SMEs are more exposed than their larger counterparts.
“However, they do not have to be.”
* Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter on @art2gee