In recent years, ransomware has proven to be one of the most destructive cyber threats facing the private and public sectors alike. This issue has never been more salient than during the COVID-19 pandemic, which has led to a surge in remote working and phishing attempts against businesses and hospitals. The specter of ransomware, combined with current trends towards remote work, places an urgent need for IT professionals to rethink their security practices and take an informed consideration of the true costs of ransomware.
Today, we’re announcing the release of the 2020 Ransomware Resiliency Report, which was developed in partnership with Coveware, a ransomware remediation company that’s worked with hospitals, local governments, and MSPs to help them overcome a ransomware attack. In Q1 2020, we surveyed MSPs, internal IT teams, VARs and consultants to better understand whether their expectations of the risk of ransomware match with the experiences of those that have actually gone through it. We examined considerations like top mitigations taken, whether they had cyber insurance, and how much damages they expect they can withstand.
“The results of our analysis highlight just how damaging a ransomware incident can be on an MSP, and that even when taking every step possible to protect themselves from an attack, being wrong just once can be devastating," said NinjaRMM CEO Sal Sferlazza. “As an industry, we must do all we can to educate our users about the dangers posed by ransomware and offer guidance on how to protect their business from both a security perspective and financially.”
Our findings suggest that while many MSPs and IT professionals are investing in mitigations like enforcing MFA or investing in BDR, there is room for improvement for both performing more regular audits and investing in more training. We also found that a majority of MSPs and IT professionals did not consider themselves at much personal risk with 40% ranking their risk at a 1 or 2 out of 5, and another 42% ranking their risk at only 3 out of 5. However, 86% viewed it was a near existential threat.
One mitigation we paid considerable attention to was cyber insurance, as it represented a slightly different take towards shielding businesses from a ransomware incident. We found that 69% either hadn’t taken out a cyber insurance policy or didn’t know if they had. This could indicate a blind spot in how IT professionals are thinking about their security. The costs of ransomware have risen rapidly, as data from our partner Coveware has shown, and cyber insurance is one way to cover damages that would otherwise ruin a business.
The MSP community, in particular, stands vulnerable, explained Coveware CEO Bill Siegel, “most MSPs are themselves small businesses, but to ransomware distributors, an MSP with a hundred clients IS a big game target, and they will come after those targets as aggressively as a large enterprise.”
This is a trend the MSP community has increasingly seen, according to Bob Wice, US Cyber & Tech Focus group leader at Beazley. He told us that in Q3 2019, a quarter of ransomware incidents reported to Beazley started with an attack on an IT vendor or MSP.
How any organization ultimately deals with ransomware will come down to individual and practical considerations. However, one area most respondents seemed aligned is in their disagreement with paying a ransom. 72% of respondents either somewhat or strongly disagreed with considering to pay a ransom. Pressed on when they would consider paying a ransom, 17% of MSPs and 14% of internal IT professionals said they wouldn’t pay a ransom under any circumstance — even if it meant shutting down the business.
Proper security is a complex and multi-faceted issue that forces IT leaders to evolve and think critically. With the coronavirus reshaping how employees and businesses do work, now is the time for IT professionals to take stock of what’s working, what needs to be improved, and what blind spots they may have towards protecting their business.
To learn more about how MSPs and IT professionals are dealing with ransomware, download the 2020 Ransomware Resiliency Report.