Ransomware continues to plague MSPs and the SMBs they serve. However, Datto's Annual Global State of the Channel Ransomware Report revealed a slight decline in the frequency of attacks. Seventy eight percent of MSPs reported attacks on their clients in the past two years, down from 85% last year. That being said, ransomware is still a very real threat with 60% of MSPs seeing attacks in the first half of 2020.
Each year we develop the report to provide unique visibility into the state of ransomware from the perspective of the IT channel and their small and medium business (SMB) clients who are dealing with these infections daily. This year's findings revealed several challenges MSPs face regarding ransomware in our current environment, including:
- A need for client education: Today's companies must provide regular and mandatory cybersecurity training to ensure all employees can spot and avoid potential attacks. This year's survey results revealed that: phishing, poor user practices, and lack of end user cybersecurity training were the three most common causes of successful ransomware breaches. For MSPs, end user education has to be an essential piece of an effective ransomware protection strategy.
- Increased costs of downtime: Ransomware attacks can result in considerable business downtime and therefore cost to a business. MSPs reported that the average downtime cost per incident has increased by 94% from 2019 and a staggering 486% from 2018. Downtime costs vary widely among businesses and these numbers are based on MSP estimates. To calculate the cost of potential downtime for your business, check out our Recovery Time and Downtime Cost Calculator.
- Ransomware skirting cybersecurity efforts: Despite increased security spending, MSPs report that ransomware averted cybersecurity efforts, including employee education, antivirus, email filtering, pop-up blockers, and endpoint detection solutions. Of them, 50% said ransomware averted antivirus/anti-malware solutions. Ransomware frequently gets around these solutions because cybercriminals can modify malware to avoid detection. What's worse, social engineering tactics criminals use to dupe victims have become very sophisticated and hard to detect—even with security education. A multilayered approach to ransomware that combines security software and training and business continuity is so important.
- Hackers are targeting MSPs: Ninety five percent of respondents agreed that ransomware attacks are increasingly targeting MSPs. This is likely due to many high profile attacks on SMBs in recent memory. In attacks like these, hackers use MSP credentials to access and spread ransomware to their clients. In other words, by compromising an MSP, cybercriminals get more bang for their buck. MSPs are taking the threat seriously. More than half are now using password management and multi-factor authentication tools.
- Ransomware attacks on SaaS applications: Nearly 1 in 4 MSPs reported ransomware attacks on clients' SaaS applications. Of those attacks, Microsoft was hit hardest. This isn't particularly surprising since so many organizations rely on Microsoft 365. It was somewhat surprising, however, to see that more than half saw ransomware in Dropbox. Google Workspace rounded out the top three at 25%.
These statistics are just the tip of the iceberg. Download Datto's Global State of the Channel Ransomware Report to uncover a wealth of insights from over 1,000 MSPs worldwide and discover actions you can take to protect your business today.
Author Christopher Henderson is director of information security at Datto, Inc. Read more guest blogs from Datto here.
