The short answer is possibly not. Small and medium-sized business (SMB) owners may feel their business is too small to be the target of an attack, and are often under-prepared and under-resourced to handle one. But size isn’t a restricting factor for cyber-crime. According to Norton New Zealand’s SMB Cybersecurity Survey 2017, 24% of New Zealand SMBs experienced a cyber-attack in 2017, up from 18% in 2016.
According to the same survey, more than a third (35%) of SMB operators reported that they wouldn’t last one week without access to critical information. This is a strong indicator of the size of the risk for the SMB sector.
As an example, an independent South Island panel beating firm was one of a rising number of both small and large businesses to have been hit by a cyber-attack.
The panel beating firm was targeted and affected by a ransomware attack. Like many SMBs, the company was not sufficiently resourced to deal with this attack and the ensuing business disruption. Fortunately, the firm had extensive cover in place with NZI’s Cyber Ultra policy. The total claim was close to $136,000, a potentially devastating cost had the business been uninsured.
Ransomware is a type of malicious software that blocks a user from accessing their files or computer system unless they pay a ransom. According to research across Australia and New Zealand in Datto’s State of the Channel Ransomware Report, ransomware is the most prominent malware threat to SMBs. From Q2 2016 to Q2 2018, 81% of managed service providers (MSPs) report ransomware attacks against SMBs, and 92% predict the number of ransomware attacks will continue at current rates or increase.
Ransom demands are often relatively low, to encourage the victim to pay the attacker directly rather than seek professional support to fix the problem. However, paying the ransom doesn’t guarantee you will get your data back; often the attacker will take your payment and leave your files encrypted.
The State of the Channel Ransomware Report also suggests the average ransom cost for SMBs is around AUD6,000, but the average cost of downtime is nearly ten times higher at over AUD57,000. With such a high cost, protection against this threat could be vital to an SMB’s survival.
NZI’s National Relationship and Cyber Manager, Andrew Beven, discusses how businesses can be better off investing in protection and how to reduce the likelihood of a successful attack on your business.
“Make sure all your security software and operating systems are up to date. If you don’t have the expertise in-house, consider budgeting for an IT firm to monitor your systems remotely.”
“Users are the first line of defence against cyber threats. Up-skilling your employees to detect phishing and malicious emails can help prevent hackers gaining easy access to your business’ system.”
“Locally installed security software like antivirus and firewall software can be the first barrier between the internal network and external network should a computer connected to the network and system be compromised or attacked.”
Should an attack breach your security, it’s important for a business to have a procedure in place to minimise the damage and disruption. Andrew discusses how frequent backing up of data and having a recovery system in place are key to this. Equally important is having a plan mapped out that can be quickly executed to get the business running as normal should an attack breach the system.
“Data recovery is one of the most critical elements of any technology security strategy. If a business suffers data loss it can be catastrophic, potentially damaging the company’s reputation and profitability. The best method to prevent this is also the most obvious: frequent and regular backups of the systems. Keeping the backup data offline and separate from the system is best practice, helping ensure the integrity of the data should the system be compromised. From here, in the event of being locked out from an attack the system can be restored to the latest backup.”
“The other important tool to have in place should a cyber-attack breach your business’ system is a mitigation and recovery plan. This could involve swiftly bringing in an IT consultant/firm to deal with the issue and restore the data. It is important for businesses to have this procedure predefined, so action can be quickly enacted to prevent the attack spreading further and minimise business disruption.”
For the South Island panel beating firm, NZI’s cyber team executed a complete recovery plan, with the business’ systems fully restored the day following notification of the breach. The insurance also covered the employment of temporary staff to assist the business in manually re-entering lost data, which in this case included a number of job quotes.
This attack is a reminder that all businesses, regardless of size or remoteness, can still be vulnerable to an attack, and that the cost and disruption have the potential to be devastating for an SMB.