RANSOMWARE continues to be a thorn in the side of businesses, and SMBs are no exception, according to The State of the Channel Ransomware Report from Norwalk, Conn.-based Datto Inc., which surveyed 2,400 managed service providers, Datto partners, and customers. Indeed, 79 percent of MSPs say their clients were struck by ransomware in the last two years, and 55 percent report attacks in the first half of 2018 alone.
Ransomware is creeping into the cloud as well. Twenty-eight percent of MSPs have seen attacks in SaaS applications, up 2 percent from last year. This includes Office 365, with 49 percent of MSPs reporting infections (up 17 percent from last year) and G Suite, with 22 percent reporting infections (up 1 percent).
Yet many SMBs remain blithely untroubled—just 36 percent of MSPs say their customers are “highly concerned” about ransomware, while 89 percent think they should be.
The evidence suggests those MSPs are right. Among malware threats to SMBs, ransomware tops the list, ahead of viruses, adware, and spyware. CryptoLocker and WannaCry are the most prevalent attacks. The consequences include loss of business productivity (67 percent), downtime (53 percent), and loss of data and/or devices (43 percent).
SMBs are paying the price too. While the average ransomware request is $4,300, the cost of downtime is $46,800 per incident, according to the report.
MSPs say lack of end-user cybersecurity training is the leading vulnerability, followed by poor user practices/guidelines, and weak passwords/access management.
There is no sign of abatement, either. The vast majority of MSPs surveyed (92 percent) expect ransomware attacks will continue at current or increasing rates.
That boils down to plenty of work to do for MSPs going forward. SMBs without dedicated IT staff will need an MSP knowledgeable in cybersecurity to help ensure business continuity, according to the report. Other recommendations include employee awareness training and implementing layered security and BDR solutions.