It has recently been discovered that SMBs (Small and Medium Businesses) are unprotected from various ransomware attacks. Actually, the situation is so bad that the businesses would even pay a ransom to restore their files and information rather than trying to take up other measures.
There is a large number of ransomware attacks targeted towards the Internet of Things (IoT). This means that a lot of systems based on physical devices are in danger, including hospitals and banks.
A survey by Arctic Wolf revealed that 13% of SMBs have already been attacked by ransomware. In other words, one in eight SMBs had to deal with scammers and probably paid a ransom. It was also revealed that 45% of those who participated would pay a ransom if their computer became encrypted. Having in mind that there were 300 participants in the survey, we can assume that the proportions would be similar even with a bigger number of people.
The participants were responsible for the cyber security and the IT side of their respective companies. Each company, constituted of 200 to 3000 staff members, belonged to the sector of Small to Medium Businesses.
The most vulnerable industry was revealed to be transportation – 29% of businesses claimed to be attacked by ransomware in regard to the Internet of Things. Other mostly affected areas include technology, energy, and construction. However, ransomware can attach any company.
The most worrying thing is the level of unpreparedness of the SMBs regarding cyber security. Almost 70% of the survey participants claimed not having a formal plan in case of an attack. Also, 80% of the companies have no security tools that would protect against zero-day malware. 60% don’t perform log analysis, which can be helpful when defending the system from threats.
However, Small and Medium Businesses, in general, have started using the Internet of Things much more than before, with 80% stating that the function of IoT is a positive thing. Consequently, these businesses take IoT into consideration when buying devices. Having this fact in mind, it is a bit concerning that these companies still don’t take security as seriously as they should.
This point of view is concerning because ransomware attacks can affect very vulnerable domains, for instance, medicine. The recent case with the WannaCry ransomware attack can be a great example. Ransomware can also cause a lot of damage when it comes to transportation and power grids, leaving people without public transportation or electricity.
Said attacks are most likely to occur to PC hardware, key locks, scanners, printers, and ICS (Industrial Control Systems).
Brian NeSmith, the co-founder and CEO of Arctic Wolf, claimed that the businesses that do not spend millions of dollars on cyber security risk at being an extremely easy target for hackers who are usually funded generously and very thorough in their strategy.
When it comes to IoT, the damage of ransomware can differ from usual attacks. When regular computers are attacked, the hackers can only affect the device and the files within it. However, IoT systems are more sensitive because of the functions they perform, for example, such an attack may be fatal to some people if smart medical equipment is targeted.