Small and vulnerable: SMEs on ransomware collision course

SMEs are most at risk of being cyber crime targets, as cyber criminals constantly up their efforts and the level of sophistication of their attacks.
Read time 4min 30sec

Research by McKinsey indicates small to medium enterprises (SMEs) form the backbone of the South African economy.

The SME sector represents more than 98% of businesses, employs between 50% to 60% of SA's workforce across all industries, and is responsible for a quarter of job growth in the private sector.

While the gross domestic product contributions from South Africa's SMEs, at 39%, lags behind other global regions − such as the European Union with a 57% contribution − there is no doubt that this sector is a critical driver of SA's economy.

However, it is also the most at risk due to various factors, not least its vulnerability to ransomware – today's leading cyber security scourge. Today, ransomware is one of the most potentially damaging − and prevalent − types of malware.

Through this lucrative crime, hackers break into a firm's computer system and encrypt data, which they will only release for a fee. The type and variety of ransomware attacks reveal they are constantly evolving and becoming increasingly innovative. Cyber criminals increasingly threaten to publish information on leak sites on the dark web or sell it, increasing the pressure for victims to pay the ransom.

This year alone, reports of ransomware attacks on leading South African organisations include the country's national port and rail entity, where the Durban port alone handles more than half of the nation's shipments. It is also the main gateway for other commodity exporters on the African continent, including the Democratic Republic of Congo and Zambia.

The hackers' ransom declaration claimed they had encrypted the company's files, including a terabyte of personal data, financial reports and other documents. This is a typical pattern.

There appears to be a degree of cyber security naivety, with smaller businesses operating in the belief that they will not be targeted.

A sobering statistic is the fact that during the past 12 months alone, the average cost of remediating a ransomware attack in South Africa was reported to be in the region of $447 097 (R6.4 million). This might be small change to enterprise-level organisations, but this would constitute a significant hit on their bottom line to SMEs.

SMEs' pervading issues appear to be universal in terms of the risks they face and are not confined to South African small enterprises. SMEs are the most at risk of being targeted by cyber crime, as cyber criminals increase their efforts and the level of sophistication of their attacks.

As this evolution is ongoing, SMEs need to do more to protect this critical sector. Anti-malware software and firewalls are no longer enough – SMEs, and all businesses, must have comprehensive protection, backup and recovery plans in place.

SMEs are particularly vulnerable to cyber attacks for a variety of reasons. Understandably, one of the most common issues they face is limited available financial resources to allocate to cyber defence mechanisms. Also, there appears to be a degree of cyber security naivety, with smaller businesses operating in the belief that they will not be targeted by cyber crime.

However, SMEs need to remember they still hold sensitive and valuable data that is hugely desirable to cyber criminals. SMEs have culpability in the South African context, as set out in the Protection of Personal Information Act enacted on 1 July 2021.

Global trends

Cybersecurity Ventures predicts ransomware damage costs will exceed $265 billion by 2031, with attacks on businesses, consumers or devices occurring at the staggering rate ofevery two seconds. The projection for 2021 is $20 billion in costs.

Whether the prediction is right or wrong, the message remains the same. Businesses need to plan, implement adequate data protection and ransomware prevention solutions, and back up their data.

While companies must do all they can on the technology front to prevent ransomware and malware, people are, unfortunately, a big part of the problem.

Verizon's 2021 Data Breach Investigations Report revealed that 60% of ransomware cases in its study involved direct installation through desktop apps. The rest of the vectors were split between e-mail, network propagation and downloads triggered by other malware.

Staff, at all levels, remain the common factor among many of these attacks, and the report notes 85% of breaches result in the loss of credentials.

While a large enterprise may have the means to survive an attack, small businesses may be forced out of business due to the impact of ransomware – which means it is no longer just an IT problem but a significant business problem. Large or small, every organisation should do everything it can to protect its data and prevent ransomware.

Everyone has a role to play in fighting ransomware. Scams that aim to slip ransomware onto devices and networks are constantly evolving. That's why everyone in the organisation must understand what they can do to prevent ransomware.

In my next article, I will highlight the role staff play in preventing ransomware attacks and reveal tips SMEs can implement to avoid these damaging strikes against their businesses.

Byron Horn-Botha

Lead: Arcserve Southern Africa channel and partnerships.

Byron Horn-Botha is lead: Arcserve Southern Africa channel and partnerships. He has been involved in the technology sector in sales and management roles since he commenced his working career eight years ago. He moved from his first position at Pastel in 2012 to work for a SAP partner specialising in the SAP budgeting planning, consolidation solution and enterprise play oriented solution. In this role, he was focused on new business expansion within and outside the SAP user community. In 2014, he joined CA Southern Africa in a business development role. In 2015, Horn-Botha moved into the Arcserve arena, fulfilling the role of new business development, as an Arcserve partner, followed by the move to the 2018 Arcserve corporate position. Throughout his career, he has worked with channel partners, giving him in-depth insight into the challenges faced by the sector.

See also