Company’s survey finds MSPs, SMBs need to bolster protections
MSPs and their SMB customers remain woefully under-protected against ransomware attacks that are increasing in frequency and getting costlier to the victims, according to a report this week from Datto, an IT solution provider that sells through MSPs.
The Lowdown: Two-factor authentication is among the most basic and effective technologies for protecting against ransomware, but MSPs say they’re enabling 2FA on only 60% of e-mail clients and 61% of password managers, Datto found in the survey. In addition, while 80% of MSPs said they’re a target of ransomware threats, only half have the external expertise to help them if they or their clients are hit by a large-scale ransomware attack.
The Details: The trends in ransomware attacks found in Datto’s 2019 Global State of the Channel Ransomware report include:
> Ransomware is everywhere: 85% of MSPs reported that SMB clients had been attacked over the past two years, a jump from 79% in last year’s survey. In the first half of 2019, 56% of MSPs reported attacks against SMBs.
> Disconnect: 89% of MSPs say SMBs should be very concerned about ransomware, while only 28% report that SMBs are very concerned.
> Cost of ransomware: 64% of MSPs report that their SMB clients had lost productivity, while 45% said clients had sustained downtime that threatened their businesses. In addition, the average cost of downtime is $141,000, an increase of almost 200% over the $46,800 reported last year, and the cost of downtime is more than 23 times the average ransomware request of $5,900.
> Business continuity, disaster recovery is key: 92% of MSPs reported that clients with BCDR solutions are less likely to experience significant downtime due to an attack, and 80% said SMB clients recovered in 24 hours or less.
The Impact: Ransomware remains a key threat to businesses of all sizes, with cybersecurity firm Emsisoft reporting that it’s once again the top weapon in attackers’ arsenals. SMBs continue to lean on MSPs for much of their security, giving the service providers a key role in protecting those clients and putting pressure on MSPs to make sure they have the tools and expertise to address ransomware and other kinds of cyberattacks.
The Buzz: “MSPs need to set the tone for their SMB customers when it comes to preparing for and responding to ransomware attacks,” said Datto CISO Ryan Weeks. “They need to protect themselves first by improving their organization’s cyber hygiene in order to keep their clients safe. MSPs must adopt 2FA universally for any technology they use to service clients, as well as their own business. In a climate where cyberattacks have become an everyday occurrence, 2FA across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack.”
“Protecting our SMB clients from cyberattacks like ransomware requires an understanding of their business, detailed preparation, and the right mix of technologies,” said Jason Grilo, network operation center manager at Canadian MSP Solūt. “IT downtime can cripple a small business, making it critical to have a proactive approach to cybersecurity. As ransomware attacks continue to increase in frequency and sophistication, we’ll work directly with our clients to help reduce the risk and impact of an attack.”