8 Reasons Why SMEs Are More Vulnerable To Ransomware Attacks.

Tuesday 31st May 2016 •
Billy Law-Bregan, Communications Officer

Please share this article with friends and colleagues (you can use the social share buttons at the top of the page) and lets make life as difficult as possible for the cyber criminals.

SMEs, especially in the UK, seem to be more vulnerable than larger businesses to the horror that is ransomeware.

Have you noticed?

If you type ransomeware into Google and hit search, you’ll find countless numbers of news reports on the latest victims of ransomeware. Cyber criminals are going to extreme lengths to come across as legitimate. And, it’s getting worse.

So, take a minute to look at the list of vulnerabilities below, and see how you can make your business more secure…before it’s too late.

What is ransomware?

Ransomware is a distinct type of cyber attack; it extorts payment from the victim in exchange for allowing access to something that was encrypted in the attack. The most prevalent type of malware used in this kind of crime is crypto-ransomware, which normally encrypts the files on the compromised system, and then demands a ransom, in return for the ability to decrypt and recover the files. The latest iteration of crypto-ransomware is called Locky, and is the most advanced version of ransomware we have seen.

Who’s at risk?

This may come as a bit of a surprise. The main targets are small and medium sized enterprises. Let’s have a look at the 8 most prevalent reasons why SMEs are attractive targets for cyber criminals:

  1. They Favour BYOD.
    • They tend to favour a BYOD environment, where personal devices are also used within the business.
  2. They Lack Technical Awareness.
    • Generally, SMEs employ less technically aware staff that do not understand the risks of clicking links.
  3. They Store Attractive Data.
    • SMEs tend to store and manage attractive data, such as customer contact information, credit card data, health data, intellectual property and more.
  4. They Have Limited Funds.
    • SMEs tend to be less secure, because they don’t prioritise budget spend for sophisticated cyber security technologies, which means that cyber criminals can easily find vulnerabilities they can exploit to get into the PCs or network.
  5. They Have Limited Skills.
    • They can lack the time, budget, and expertise needed to build a strong security system to protect business assets (this includes the lack of an in-house cyber security specialist).
  6. They Fall Victim To Automated Attacks.
    • SMEs can be attacked via automated attacks. Cyber criminals employ readily accessible malware kits to mass-produce attacks with little investments; these attacks are automated and the attackers don’t care who they hit, as long as they get what they want.
  7. They Lack Training.
    • SMEs sometimes don’t prioritise employee training or risk assessments.
  8. They Have Devices That Aren’t Patched
    • SMEs are much more interconnected than they have ever been, with a mix of on-line devices that, unless patched, are vulnerable to attack.

That’s quite a daunting list, isn’t it? But, the million-dollar question is, is there anything that you can do to mitigate against these vulnerabilities? You will never be able to make your systems 100% secure. However, that doesn’t mean that there’s nothing you can do, on the contrary. Here are a few simple things you can do to make your business more secure.

How can SMEs protect themselves?

  • Education: Regularly educate users on the risks of:
    • Opening email attachments.
    • Browsing inappropriate (or non-work related) websites.
    • Installing unknown software.
  • Patch: Most SMEs use Microsoft Windows, Internet Explorer and Office, ensure these are updated as soon as patches are available.
  • Reduce: Take steps to:
    • Limit the number devices that you have in your business.
    • Limit general Internet access.
    • Limit the software that is used.
  • Backup:
    • If an attack is successful, ensure your business data is backed up so that you do not have to pay a ransom. However, when was the last time you restored a backup?

If you follow these tips, you’ll be on the right track to make your business more secure. But, is there anything you can do in the next 2 minutes that will help?


Bonus Tip: Quick Win

There’s one things that you can do right now to make your business more secure.

In 2015, Adobe Flash Player and Microsoft Internet Explorer had 545 bugs between them, a majority of which would allow an attacker to install software on your PC. Using an alternative browser to Internet Explorer that does not enable Flash by default will immediately improve your security posture.

To remain secure in the evolving threat landscape, we need to be on our toes, and stay abreast of the growing threats. Admittedly, this takes a lot of time and investment.

But maybe, just maybe, things are beginning to change.

If you found this article useful, please share it with friends and colleagues (you can use the social share buttons at the top of the page) and lets make life as difficult as possible for the cyber criminals.

Discover Think Colocation is for you?

Purpose built demo suite

All Aboard the Mobile Solutions Centre