Ransomware remains the most common cyber threat to small-to-medium-sized businesses (SMBs), according to a survey of more than 1,400 MSP decision makers that manage the IT systems for such companies.

Australia and New Zealand reported the highest rate of ransomware attacks globally, with 91% of MSPs reporting attacks against SMBs in the last two years.

The results were announced as part of the findings from the fourth annual Global State of the Channel Ransomware Report by Datto, Inc., a leading global provider of IT solutions.

Ransomware, a kind of malicious software, makes business data inaccessible until a ransom is paid. While it is used against businesses of all sizes, SMBs have become a prime target for attackers. The 2019 Global State of the Channel Ransomware Report uncovered a number of ransomware trends specifically impacting the SMB market:
 

• The number of ransomware attacks against SMBs is on the rise. Eighty-five percent of managed service providers (MSPs) reported attacks against SMBs over the last two years, compared to 79 percent of MSPs who reported the same in 2018. In the first half of 2019 alone, 56 percent of MSPs reported attacks against SMB clients.  
• A disconnect exists on the significance of ransomware as a threat. Eighty-nine percent of MSPs report that SMBs should be very concerned about the threat of ransomware. However, only 28% of MSPs report SMBs are very concerned about the threat.  
• The cost of ransomware is significant. Sixty-four percent of MSPs report experiencing a loss of business productivity for their SMB clients while 45 percent report business-threatening downtime. The average cost of that downtime is US$141,000, a more than 200 percent increase over last year’s average downtime cost of US$46,800. The report also uncovered that the cost of downtime is now 23 times greater than the average ransom request of US$5,900.

Business continuity and disaster recovery (BCDR) solutions have continued to prove to be the most effective in lessening the impact of a ransomware attack. Ninety-two percent of MSPs report that their clients with BCDR solutions in place are less likely to experience significant downtime during an attack. In addition, four out of five MSPs state victimised clients with BCDR tools in place recovered from an attack in 24 hours or less, while less than one in five MSP clients without BCDR were able to do the same. MSPs are in a unique position today to educate SMBs on how to protect against a ransomware attack, including employee training and the tools to implement. 
 
“Ransomware attacks most often succeed through very sophisticated phishing techniques – for example, when someone clicks on something they shouldn’t and the malware infiltrates their contact list – the attackers then use those credentials to exploit further,” said Daniel Johns, Head of Services at leading Australian ICT company, ASI Solutions, which specialises in innovative technology solutions for businesses to gain a competitive edge. 

“As such, a proactive approach to cybersecurity, including user awareness and training, is vital. As SMBs continue to be heavily targeted by ransomware, we’ll continue to work directly with our clients to help reduce the risk and impact of an attack, should it occur.” 
 
Third-party hosted SaaS (Software as a service) applications are also a prime target for ransomware attacks, with MSPs globally reporting a 15% increase in the attacks within Office 365 year on year. Of interest the highest rate globally was in Australia and New Zealand, with 37% of MSPs reporting attacks on SaaS applications – including Office 365, Dropbox and the G-Suite; a 9% increase from the global average of 28%.
 
“It is no surprise that the frequency and sophistication of ransomware attacks against SMBs in Australia and New Zealand is on the rise, but recording the highest rate globally of reported attacks in this region is a wakeup call for SMBs,” said James Bergl, Regional Director, APAC Datto. “We understand that the cost of downtime that can cripple an SMB, as such we work closely with our MSPs to take a proactive approach to delivering tailored cybersecurity solutions for small and medium businesses.”
 
More from The Business Conversation:

Sunshine Coast positions itself as sought-after location for global businesses

Ticketing platform Humanitix starts social enterprises to help disadvantaged kids

Vertel and Purple Wi-Fi help Reflections provide better connected parks