Ransomware Has SMBs Reprioritizing Their Cybersecurity Spending to Combat Attacks

Ransomware Has SMBs Reprioritizing Their Cybersecurity Spending to Combat Attacks New data shows that SMBs can clearly see where they have cybersecurity issues and are taking great strides to put their devoted budget to security technology and services that actually have a chance at solving the problem!

I spend so much of my time covering stories where organizations simply aren’t prepared for an attack or have their focus on areas of cybersecurity that clearly are less a risk to the organization. So, it’s a pleasure to be able to see indications that organizations – particularly SMBs in this case – have their heads screwed on straight when it comes to preparing for cyberattacks.

In Datto’s SMB Cybersecurity for MSPs Report, it’s evident that SMBs are now putting more emphasis on IT spending and, in specific, cybersecurity spending. With 42% of SMBs planning on increasing their IT budgets this year, the question becomes what are they spending it on?

If you’ve been paying attention at all to ransomware attacks and all the data I’ve presented on this blog, you know part of the challenge is the user. Without them understanding the part they play in the organization’s cybersecurity stance, as well as the proper cyber hygiene and vigilance they need to maintain in order to be effective in doing their part to protect the organization, cyberattacks will continue to succeed.

According to the Datto report, four of the top five security solutions SMBs will invest in all point back to the prevalence of ransomware:

1-10-23 Image

With phishing attacks remaining the top initial attack vector for ransomware attacks, and with 11.7% of attacks making their way past security solutions to the Inbox, the choices in the top five solutions (with the exception of firewalls) all directly address aspects of a attempted and/or successful ransomware attack.

This makes a lot of sense when you cross-reference the top five reasons SMBs feel they have had cybersecurity issues, according to the report:

Phishing emails: 37%
Malicious websites/web ads: 27%
Weak passwords/access management: 24%
Poor user practices/gullibility: 24%
Lack of end-user cybersecurity training: 23%

I’m thrilled to see that all of these issues can be partially or completely addressed simply with Security Awareness Training and that training is a part of the top five areas SMBs are investing in. This demonstrates we may have a very different cyberattack efficacy rate in 2023!

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks; taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

How to detect ransomware programs, even those that are highly stealthy

Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)

The policies, technical controls, and education you need to stop ransomware in its tracks

Why good backups (even offline backups) no longer save you from ransomware