Most small businesses wouldn't survive a week after getting hit by a ransomware attack.
New research from CyberCatch, a San Diego-based cybersecurity platform provider, shows that 75 percent of small- and midsize businesses would be forced to close shop if a bad actor demanded a ransom not to infect their systems with malware. The survey of 1,200 small- to midsize businesses in North America was conducted by Momentive, a market insights company, on behalf of CyberCatch, in March of this year.
It's not just the ransom's dollar amount that can push a business over the edge, it's the complete disruption to operations that ensues when an organization must navigate an attack. That's according to Jon Miller, who serves as the CEO and co-founder of the Austin-based ransomware platform Halcyon.
And businesses aren't preparing for those disruptions. Thirty percent of small-and-midsize businesses polled in the CyberCatch survey did not have a written incident response plan, which helps spell out how an organization should respond during a breach.
While preparation is key to preventing a cyber incursion, how you respond in the days just following an attack is also vital. In the immediate aftermath, here are four ways to soften the impact and protect yourself:
1. Assess the attack
Take a picture of the infected device's screen before unplugging it, says Halcyon's Miller. Businesses should pay attention to any payment deadlines imposed by the bad actor, or the number of days they have until the ransom may increase. They should also check their systems to ensure that the rest of their network is not compromised.
2. Call in the experts
After a business unplugs the infected device (or devices), Miller says the next step is to dial legal counsel to gauge the appropriate next steps for reporting the attack. Data privacy attorneys may be helpful in these situations, too. Then it's time to call your cyber insurer, and, if necessary, law enforcement.
3. Dive into data recovery
Check up on backup systems to assess what data is recoverable. For those that don't have backups, Miller recommends working with an incident response company that is better equipped to communicate with the cyberattackers and can even help negotiate and reduce the price of the ransom, according to Miller. He cautions that if a business does pay up, and access to its files is restored, "this doesn't guarantee full recovery, because frequently a percentage of files are corrupted."
4. Reset your systems
It's imperative for an organization to reset all passwords within the company following an attack. Businesses should also make sure that they have the latest versions of software and run any patches (or modifications to existing programs) to strengthen security. Miller adds that organizations should keep an eye out for backdoors into their organizations that bad actors could exploit. Looking into some form of anti-ransomware service could also benefit businesses.
While larger companies can afford to take the hit and pay the ransom, many small businesses aren't as well equipped to throw money at the problem. There's also ample debate on whether ransoms should be paid; Miller cautions against it.
"There is a problem with paying these people and letting them know that you're willing to pay, because it gives them precedent to come right back one year later and do it over again," Miller says. Businesses "need to figure out what hole [they] have that let the ransomware through, and fill it."