Ransomware is a big problem, but it’s also a big opportunity for MSPs to educate clients

While large-scale attacks such as WannaCry make headlines, ransomware attacks are just as likely to happen among small businesses as they are large enterprises. According to Datto’s 2017 Ransomware Report, an estimated five percent of SMBs globally fell victim to a ransomware attack in 2017.

Eighty-six percent of IT managed service providers (MSPs) said their SMB clients have been victimised by ransomware, with 21 percent reporting six or more SMB attacks in the first half of 2017 alone. Further, 99 percent of MSPs believe the frequency of SMB-targeted attacks will continue to increase over the next two years.

BCDR is an easier sell

The spike in ransomware attacks means it has never been more important to have a reliable business continuity and disaster recovery (BCDR) plan in place to help organisations get up and running as soon as possible after an attack.

This also means there has never been a better time for MSPs to talk to their clients about implementing a BCDR solution – something confirmed by Datto’s latest State of the MSP Report, which shows that BCDR is significantly less of a hard sell than it has been in the past. The ongoing publicity surrounding ransomware attacks has opened a door for MSPs to have a conversation with their clients about what they can do to help prevent data loss, downtime and reputational and financial ruin, should preventative measures not work.

Just eight percent of MSPs see selling BCDR as a challenge today, down from 18 percent in 2017 as businesses and end users are becoming smarter about the need to backup and mitigate against issues before they arise.

Surprisingly, it isn’t the ransom itself that affects organisations the most – it’s downtime and data loss that can inflict the most damage. As a result of a ransomware attack, 75 percent of MSPs reported that their clients experienced business-threatening downtime. Incidentally, in the UK alone, 21 percent of SMBs who paid a ransom to cybercriminals never recovered their data.

Ransomware can infect systems despite SMBs having antivirus software, email and spam filters, ad blockers, and regularly updated applications. It is therefore essential that companies have a BCDR solution in place, combined with employee cybersecurity training.

With BCDR, businesses can make an image backup of file servers throughout the day, preserving a clean copy of all system data. In the event of a ransomware attack, a BCDR solution provides a data and system recovery option.

This is especially important under the GDPR, where the penalties for data breaches are severe for organisations – failure to comply with the new regulation can incur a fine of up to four percent of a company’s annual global turnover or €20 million, whichever is greater. In addition, the penalty for failing to notify the relevant authorities of a data breach is €10 million, or two percent of revenues.

RMM prevention is better than cure

Many ransomware attacks will exploit underlying vulnerabilities in the operating system. In most cases, the patch for this vulnerability has already been released by the vendor, but has not been applied to the machine. Deploying an RMM solution not only gives you visibility of vulnerable machines, but also provides a method to instantly deploy the applicable patch and close the vulnerability.

MSPs that are able to address vulnerabilities proactively are more likely to prevent cyber attacks. Deploying an RMM tool is an easy step towards a proactive approach.

Some businesses are still in the dark about ransomware

While the ransomware headlines have made it easier for MSPs to make the sale, there are still many businesses in the dark with only 38 percent of SMBs reportedly feeling ‘highly concerned’ about the ransomware threat.

One reason for this could be due to a lack of mandatory cybersecurity training across SMBs, which MSPs say is the leading cause of ransomware infections. Again, this is a massive opportunity for service providers to educate their clients about cybersecurity risks.

MSP market is seeing positive growth

The good news is that half of the European MSPs surveyed are now servicing more than 100 clients on annual contracts – up 23 percent on 2017, which indicates that organisations of all sizes are recognising the benefits of partnering with MSPs and other IT channel partners, especially at a time when IT skills and resources are stretched.

MSPs that specialise also stand more chance of monetising as they differentiate themselves in an often-overcrowded market. The Datto report shows most MSPs already recognise this need for specialisation services, with 55 percent of MSPs offering specialised services for manufacturing companies, with financial (49 percent), legal (42 percent), non-profit (37 percent), education (34 percent) and healthcare (33 percent) specialised services also making the list.

The Datto research points to ransomware – and especially organisations’ lack of cybersecurity awareness – as one European MSPs’ biggest pain points.

However, ransomware isn’t going anywhere anytime soon, so MSPs have an opportunity to step into the role of trusted advisor to their clients, helping them navigate an increasingly complex cybersecurity landscape, and arming them with the tools and knowledge – as much as it’s possible – to prevent any data breaches.