European MSPs (85%) reported that their clients suffered more attacks than any other region as the average cost of downtime continues to overshadow actual ransom amount. This reverse Europe’s relative the other geographies position in earlier years.
Datto’s fifth annual Global State of the Channel Ransomware Report talked to more than 1000 MSPs globally and was particularly interested in the impact COVID-19 has had on the security posture of small and medium businesses, along with other notable trends driving ransomware breaches.
The sums demanded by ransomware have stayed the same as last year while the cost of downtime related to ransomware has increased: European MSPs reported a 24% higher average cost compared to 2019, which is 53X greater than the average ransom requested. 67% of MSPs stated that their clients’ productivity was impacted in the aftermath of an attack, and a little over one in four (26%) said their clients experienced decreased customer profitability.
Ryan Weeks, Datto’s CISO tells IT Europa that MSPs were actually reporting fewer instances of malware, perhaps because the attacks were no longer aimed at mass targets, but were being targeted. At the same time, he said, the vertical markets targeted has moved from manufacturing to healthcare and financial companies.
Some 42% of European MSPs said remote working due to Covid-19 resulted in more ransomware attacks, and that shifting client workloads to the cloud came with increased security vulnerabilities. The survey also determined that finance and insurance was the most vulnerable industry in Europe during the pandemic (47%). Ransomware is now creeping into SaaS applications, Microsoft being the obvious top target, but Dropbox and Google are also in their sights.
Why has the ransom amount stayed so low, IT Europa asked. It is not clear why this is, but the thinking is because the targets are being attacked for the first time and this represents an entry-level sum.
And the ecosystems is continuing to grow: with 95% of European MSPs stating their own businesses are increasingly at risk, 45% of MSPs now partner with specialised managed security service providers (MSSPs) for IT security assistance, even though the number of such specialists remains small in comparison.
“The most interesting and encouraging sign” Ryan Weeks says, is that MSPs have moved strongly to using “reimaging from backup” as the top method of countering attacks. Two years ago, they were rebuilding systems from scratch. “Now we are starting to see the result of their efforts manifest in more mature recovery mechanisms.”