As hundreds of mostly small businesses are reeling from a large-scale ransomware attack that occurred on Friday, the imminent threat that such attacks pose to businesses around the world has once again come into public focus.
As is often the case with such attacks, the latest one targeted software used by managed service providers (MSPs) to monitor and maintain the IT infrastructure of small and medium-sized businesses. And while MSPs are typically aware of the threat posed by ransomware attacks, their clients often aren’t, leading to carelessness that can end up being very costly. According to a survey conducted by cybersecurity company Datto, 84 percent of MSPs think their clients should be very concerned about ransomware, but only 30 percent of small businesses actually are.
According to Datto’s Global State of the Channel Ransomware Report, carelessness and gullibility are the greatest threat to small businesses. With phishing mails, poor user practices and lack of cybersecurity training on top of the list of leading causes of ransomware attacks, it becomes clear that end user education is an essential part of IT security.
“It is important to note that security training must go beyond just how to identify phishing attacks,” the report notes, adding that “weak passwords, open RDP access, and a host of other user errors were also to blame for breaches.”