The threat environment for small and medium sized businesses (SMBs) is continuously changing and becoming more dangerous. Currently, the biggest malicious threat that faces SMBs is that of ransomware attacks. In a ransomware attack, the attacker takes control of an organization’s or individual’s network or file system by tricking a victim into clicking a malicious link or opening an infected file using a phishing email, most commonly. Typically, the attacker will then lock the victim’s files using sophisticated encryption, making it impossible for the victim to access their files. From there, the attacker will demand a certain amount of money from the victim to unlock their files. The average ransom cost for these attacks is $13,000 in 2020, which can be crippling for SMBs.1 Combine this with the fact that 43% of cyberattacks targeted small businesses1, and the threat of ransomware attacks against SMBs is even more heightened.
So, what can small and medium sized businesses do to protect themselves from ransomware attacks? One of the best things SMBs can do to protect against ransomware attacks is employing the use of managed detection and response (MDR). This is a, typically, outsourced service that focuses on detecting threats to a network then taking the necessary actions to mitigate said threats. To do this, most companies that provide MDR use what is called “endpoint detection and response” or EDR for short. EDR products are used to monitor endpoints, such as computers and servers, in hopes of detecting threats before they become detrimental to the organization that is being monitored.
But why outsource for managed detection and response? For small and medium sized businesses, the reason for outsourcing lies in finances and technical abilities. First and foremost, the cost of recovering files from a ransomware attack is unknown until the attacks occurs. By that point, the victim is at the mercy of the attacker, and they may request more than the SMB can afford. By having a company supply MDR, a SMB can protect against a possibly crippling financial hit as a result from a ransomware attack for a known cost. Additionally, the cost of the EDR products that MDR-supplying companies use may be too expensive for some SMBs. These products may also not be utilized correctly should they be managed by a SMB themselves due to the possibility that they do not have the personnel to use them to their full potential. Taking these reasons for outsourcing MDR into consideration, the best course of action for SMBs when it comes to protecting against ransomware, among other cyberattacks, is employing a company to provide managed detection and response to monitor their networks and endpoints.
1https://ibmsystemsmag.com/Power-Systems/02/2020/smb-target-of-cyberattacks