psdesign1 - Fotolia

SMEs showing signs of ransomware complacency

It might be the most topical security threat of the year but Webroot research has revealed worrying attitudes from smaller firms towards ransomware

Smaller businesses always used to take the view that the larger security threats would bypass them as they looked for larger enterprise targets and that complacency has crept in around the issue of ransomware.

A warning that many smaller firms are not in a position to deal with ransomware is the main finding of Webroot's examination of cyber threats to small and medium sized businesses.

The report into the SME world found that only 42% of smaller firms thought they would become victims of ransomware this year despite the fact that 60% of SMEs have already been hit, with finance and retail sectors the main targets.

Instead of focusing on the hottest threat the main concern for SMEs is trying to fend off new forms of malware, mobile attacks and phising attacks.

A breakdown into the UK results of the global survey found that 72% of firms were not ready to address IT threats although 90% thought their staff could deal with any external problems.

“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya. This combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats is worrying," said Adam Nash, EMEA regional manager at Webroot.

"Small- to medium-sized businesses can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry. Enlisting the help and expertise of a Managed Security Services Provider is one way to implement a secure, layered approach to combat external threats," he added.

The view from the coalface indicated that budgetary issues were also having an influence on the attitude of SMEs towards security.

“As an IT Support consultancy in the UK, we know many SMBs fear cybersecurity attacks, but do not always address such concerns as fully as they perhaps should, which is borne out by this survey. Better, safer practices could be utilised by most of our clients, but immediate budgetary concerns can take precedence," said Michael Donkin, director of The IT Dept.

The advice the channel can give

•             BE PREPARED: Create a plan of action to respond to any type of breach that includes outside resources, like an MSP

•             EMPLOYEE EDUCATION: Investing in regular security training is a great way to prevent attacks.

•             DON’T FORGET MOBILE: Reliable mobile security is essential to protect from malicious applications.

•             SPEND WISELY: Look to allocate any additional budget you may have where risks are highest. If you’re unsure, ask a security expert or your MSP where your vulnerabilities lie.

•             UPDATE SOFTWARE: Keep business devices up-to-date

•             BEWARE OF RANSOMWARE: The UK is consistently one of the most phished nations, and phishing can lead to ransomware

Read more on Data Protection Services