Key findings from Datto’s Annual Global State of the Channel Ransomware Report
Each year, Neuways’ Business Continuity and Disaster Recovery partner, Datto surveys over 1,000 Managed Service Providers (MSPs). The results form the Annual Global State of the Channel Ransomware Report, giving insights into the challenges MSPs have faced over the year.
Here are some of the key findings from Datto’s 2020 Report and what it means for SMBs…
Ransomware remains the largest cyber threat for businesses
Nearly 70% of MSPs have reported that ransomware remains the number one malware threat for their clients.
This comes as no surprise, as 2020 has seen a surge in cyber-attacks. Cyber criminals have taken advantage of many employees moving to remote working. The increase has targeted some businesses with multiple phishing email campaigns per day, hiding ransomware within them, through malicious links or attachments.
However, there were indicators that MSPs and SMBs were prioritising battling ransomware in the last 12 months. This could be seen in the overall number of ransomware attacks declining slightly from 2019. An increase of 50% in SMB security budgets, combined with the use of security measures like two-factor authentication (TFA) point to a wider increase in security awareness.
Businesses of all sizes must prepare their front line of defence: their employees. Today, companies must provide regular and mandatory cyber-security training to ensure all employees can spot and avoid potential attacks.
Phishing attacks remained the most successful attack vector used by cyber criminals, followed by employee errors that could be avoided with better security training. These consist of a lack of cyber-security education, weak passwords and poor user IT practices.
COVID-19’s impact on cyber-security
COVID-19 has had an impact on cyber-security, but the disruption seems to have not been as detrimental as you might think.
While MSPs seemed split on the security impact of the global pandemic, 59% said remote work due to COVID-19 had resulted in increased ransomware attacks. With the move to remote working, 52% of MSPs reported that shifting client workloads to the cloud had also increased security vulnerabilities.
COVID-19 has also seen certain industries affected by pandemic-themed cyber-attacks. MSPs found that healthcare, finance/insurance, professional services and legal industries were the industries most often targeted by cyber criminals. This was most likely as they were industries directly affected by COVID. For example, if a hospital was overwhelmed by a rise in positive COVID-19 cases, then their IT security may have been more vulnerable than before the pandemic.
Cost of Ransoms vs Downtime
Concerningly, the cost of downtime rapidly accelerated during 2020.
MSPs found that the average cost of downtime for businesses has risen by an astonishing 94% year-on-year, from £105,867 in 2019 to £205,878 this year.
Business downtime can occur due to ransomware attacks and natural disasters, such as a fire or flood, with businesses forced to shut and lose out on valuable trading time.
Ransoms are often demanded of cyber-attack victims to extract money from them, in return for the retrieval of their business data or control of their systems. 2020 saw little change in the average cost of ransom requests, with each incident costing an average of £4,200 per incident, compared to £4,425 last year.
It is clear to see, though, that the cost of downtime far outweighs the ransoms cyber criminals set for their victims. While this does not advocate paying ransoms, it places larger importance on businesses having the proper procedures in place to deal with downtime more efficiently – business continuity is more of a priority for business now than it has ever been.
Additionally, 62% of MSPs said their clients’ productivity was impacted due to attacks, with 39% saying clients experienced business-threatening downtime. This leads us to the most important point to be taken from the report…
Businesses must prepare for an uncertain future
One thing that 2020 has proven, is that SMBs need a strong Business Continuity and Disaster Recovery (BCDR) strategy. Once again, survey data shows that there is no simple way of preventing ransomware attacks, even with proper security solutions in place.
This led to business continuity being ranked the number one solution to combat attacks this year. 91% of MSPs said clients with BCDR products in place were less likely to experience significant downtime from ransomware.
As ransomware is designed to spread across networks and cloud-based applications, endpoint and backup solutions designed for fast restores are critical. 76% of MSPs rated the most common ransomware recovery method as restoring a machine from backup. Lesser used methods included, restore from files (36%), re-image from default (33%) and virtualising a system from a backup image (31%). Then latterly, running software to clean-up threat (27%), with the least used method being a paid ransom (15%).
It isn’t just one solution required, though. No, SMBs need multiple solutions to combat cyber-attacks. Reducing the risk of infections requires a multi-layered approach rather than a single product. By partnering with the right MSP, a bespoke IT security solution can be created that aligns with your overall business technology strategy, while ensuring your business stays cyber safe and operational – both of which will be key during the next 12 months.