Ransomware exposed – why SMEs have a target on their backs

Although ransomware attacks always seem to be in the news, many Australian small- to medium-sized businesses think they’ll never fall victim to one themselves. There is a perception that these types of attacks only happen to the “big guys”, the ones with all the equity.

However, according to the latest Sophos State of Ransomware Report, 80 per cent of all mid-sized organisations in Australia were hit by ransomware in 2021, up from 45 per cent in 2020. By comparison, 66 per cent of all global respondents experienced a ransomware attack in 2021.

Still, many SMEs continue to take an “it won’t happen to us” approach and fail to comprehend the risks and implications of ransomware. This mentality needs to stop, as the days of cybercriminals exclusively targeting large organisations are long gone.

Unlike attacks on larger enterprises, individual attacks on SMEs won’t bring huge paydays for criminals in isolation. However, in recent years, threat actors have been launching attack campaigns on a range of smaller victims with weak defences over a short period of time, turning substantial profits through sheer volume.

Why?

Cybercriminals are now putting focus on small businesses that don’t have adequate cybersecurity controls in place to identify, stop or recover from attacks. Many small businesses are incredibly vulnerable, and they are lucrative because they’re seen as ‘easy wins’ for cybercriminals. Unfortunately, 60 per cent of small businesses that suffer a cyber attack go out of business within six months of an incident. So, why are small businesses so lucrative? It’s all about making as little noise as possible.

Authorities across the globe have ramped up defences against high-profile attacks; Australia appointed its first-ever Federal Minister for Cyber Security, and the FBI has tracked down global ransomware gangs such as REvil in recent months. REvil gained notoriety following the Colonial Pipeline attack, which caused widespread gas shortages in the U.S. in 2021. Authorities forced the gang offline in 2021 through a multi-country operation.

New laws give federal police clear legal authority to investigate and prosecute gangs internationally, which is good news for cybersecurity in Australia as a whole; however, attacks on smaller businesses may still fly under the radar.

What’s next?

Government funding has increased in response to the growing threat of ransomware attacks in Australia, and while much focus has been placed on critical infrastructure and public sector security, the government provides a range of guides and frameworks to help SMEs. These include the Essential Eight, the Small Business Cyber Security Guide, and tips on how to back up and restore files.

As the ransomware challenge facing Australian SMEs continues to grow, optimising cybersecurity is imperative for all organisations. Here are five tips to tighten your security:

  • Ensure high-quality defences at all points in your environment. Review your security controls and make sure they continue to meet your needs.
  • Proactively hunt for threats so you can stop adversaries before they can execute their attack. If you don’t have the time or skills in-house, outsource to a Managed Threat Response specialist.
  • Harden your environment by searching for and closing security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) is ideal for this purpose.
  • Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact and notify.
  • Make backups, and practise restoring from them. Your goal is to get back up and running quickly, with minimum disruption.