With ransomware attacks on the increase, new data shows a material portion of small and medium business organizations are completely ill-equipped to address an attack.
Is it me or shouldn’t even SMB organizations at this point know they’re going to be severely crippled if they aren’t ready for a ransomware attack? I realize I live this stuff, but it’s everywhere in the headlines and SMBs have long been a soft target with lower budgets, staffing, etc.
But new data from cybersecurity vendor CyberCatch in their Small and Medium-Sized Businesses Ransomware report makes it clear that a subset of SMBs are anything but ready. According to the report, on average:
- 30% of SMBs have no written incident response plan
- Of those that do, 35% of them tested the plan over six months ago
- 21% of SMBs have no offline immutable backups
- 34% of SMBs don’t utilize phishing testing of employees to thwart phishing attacks
This isn’t good. And the projected repercussions are even worse:
- 47% of SMBs would only survive for 3 days after an attack
- 28% would survive only 7 days
I get that SMBs have limited resources, so it makes sense to put budget toward only a few security measures that will have the greatest cost-effective impact. These include endpoint protection, email protection, patching, cloud-based immutable backups, and Security Awareness Training (along with phishing testing).
By securing the most common attack vectors threat actors use, SMBs have a better chance of not just surviving an attack, but keeping one from ever hitting them.