The threat of cybercrime continues to rise, as criminals adapt to new security measures and take advantage of changes in user’s online behavior. The rising threat of cyber crime was made all the more evident when WannaCry, one of the largest cyber attacks to date, hit networks in countries and businesses around the world. While large-scale attacks like this make headlines, ransomware attacks occur everyday, arguably causing the most damage to small and mid-size organizations.

Ransomware Threatens to Cripple Mid-Size Businesses

We’ve been saying it for years, but companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against cyber attacks. Any remaining skeptics need only to look at some of the latest statistics from Malwarebyte’s July 2017 study: The Second Annual State of Ransomware Report to grasp this concept:

• 22% of small businesses that were hit with a ransomware attacks were crippled to the point they had to cease operations immediately
• 75% of organizations see ransomware as a high priority
• Only 7% or organizations feel “very confident” in their ability to thwart ransomware attacks
• 38% of organizations have experienced a ransomware attack during the last 12 months

Not only do larger organizations typically have the resources to work around the clock to prevent ransomware from taking hold of their business, they have the budgets to pay off the ransom demand when backed into a corner.

In the absence of a specialized cyber-security staff, small and mid-size businesses face an uphill battle to address these challenges. Leaner companies rely on day-to-day operations to stay afloat. While mid-size businesses will take a hit if they’re forced into paying off a ransom, it’s rarely the dollar amount of the demand that is devastating to the businesses, it’s the downtime.

Considering the financial setbacks of lost productivity, missed opportunity costs, operational disruption, and damaged reputation among shareholders, customers, business partners and employees, the consequences of a ransomware attack may cost large enterprises jobs and revenue but, for a small to mid-size organization, could jeopardize the future of the entire business.

The Weakest Link in Your Cyber Security

Ransomware attackers examine trends to determine the most viable methods to exploit your information. They’re always looking for the path of least resistance and most often their opportunity comes when your users mistakenly help facilitate their infiltration through a phishing email.

Despite significant investments in defensive technologies, most mid-size organizations defense still doesn’t seem to be enough. While technology can help to secure your information, understanding the risk your users present to your security is a key step in determining the gaps to address your weaknesses. This makes empowering users to recognize threats and educating them on security protocols one of the most important components to any security strategy.

While behavioral training is a key component, it is only one of the many gaps that needs to be addressed in a comprehensive security program. BDO Digital's Information Security Practice works closely with each of our partners to understand the nuances of your business to optimize our security recommendations. Contact us to discuss the best cyber security defense for your business.