Small and Vulnerable: SMEs on the Road to Ransomware Collisions
Search by McKinsey indicated Small and medium-sized enterprises (SMEs) are the backbone of the South African economy.
The SME sector accounts for over 98% of businesses, employs between 50% and 60% of South Africa’s workforce across all industries and is responsible for a quarter of employment growth in the private sector.
While contributions to the gross domestic product of South African SMEs, at 39%, lag behind other regions of the world, such as the European Union with a contribution of 57%, there is no doubt that this sector is an essential engine of the South African economy.
However, it is also the most at risk due to a variety of factors, including its vulnerability to ransomware – the main scourge of cybersecurity today. Ransomware is one of the most dangerous and widespread types of malware today.
Thanks to this lucrative crime, hackers break into a company’s computer system and encrypt data, which they will only publish for a fee. The type and variety of ransomware attacks reveal that they are constantly evolving and becoming more and more innovative. Cybercriminals are increasingly threatening to post or sell information on leaked dark web sites, increasing pressure for victims to pay the ransom.
This year alone, reports of ransomware attacks against major South African organizations include the country’s national port and rail entity, where the Port of Durban alone handles more than half of the country’s shipments. It is also the main gateway for other commodity exporters on the African continent, notably the Democratic Republic of the Congo and Zambia.
The hackers’ ransom statement claimed they had encrypted company files, including a terabyte of personal data, financial reports, and other documents. It is a typical model.
There appears to be a certain degree of naivety when it comes to cybersecurity, with small businesses being persuaded not to be targeted.
One sobering statistic is the fact that in the past 12 months alone, the average cost of resolving a ransomware attack in South Africa was around $ 447,097 (R6.4 million). . This might be a small change for organizations at the enterprise level, but it would be a significant impact on their bottom line for SMEs.
The pervasive problems of SMEs appear to be universal in terms of the risks they face and are not limited to small South African businesses. SMEs are most at risk of being targeted by cybercrime, as cybercriminals increase their efforts and the level of sophistication of their attacks.
As this evolution continues, SMEs must do more to protect this critical sector. Anti-malware software and firewalls are no longer enough: SMBs and all businesses need to have comprehensive protection, backup and recovery plans in place.
SMEs are particularly vulnerable to cyber attacks for a variety of reasons. Naturally, one of the most common problems they face is the limitation of the financial resources available to be allocated to cyber defense mechanisms. In addition, there appears to be a certain degree of naivety when it comes to cybersecurity, with small businesses operating in the belief that they will not be targeted by cybercrime.
However, SMBs should remember that they still hold sensitive and valuable data that is extremely desirable for cybercriminals. SMEs are at fault in the South African context, as stated in the Personal Information Protection Act enacted on July 1, 2021.
Cyber security companies predicted ransomware damage costs will exceed $ 265 billion by 2031, with attacks on businesses, consumers or devices occurring at a staggering rate ofevery two seconds. The projection for 2021 is $ 20 billion in costs.
Whether the prediction is right or wrong, the message remains the same. Businesses need to plan, implement adequate data protection and ransomware prevention solutions, and safeguard their data.
While businesses need to do all they can technologically to prevent ransomware and malware, people are, unfortunately, a big part of the problem.
Verizon Data Breach Investigations in 2021 Report found that 60% of ransomware cases in its study involved direct installation through desktop apps. The rest of the vectors were split between email, network spread, and downloads triggered by other malware.
Staff at all levels remain the common factor in many of these attacks, and the report notes that 85% of breaches result in the loss of credentials.
While a large business may be able to afford to survive an attack, small businesses may be forced to shut down due to the impact of ransomware, which means it’s no longer just an attack. computer problem, but a significant business problem. Big or small, every organization should do everything possible to protect its data and prevent ransomware.
Everyone has a role to play in the fight against ransomware. Scams aimed at introducing ransomware to devices and networks are constantly evolving. That’s why everyone in the organization needs to understand what they can do to prevent ransomware.
In my next post, I’ll highlight the role staff play in preventing ransomware attacks and reveal tips that small businesses can take to avoid these damaging attacks on their businesses.