Once considered more of a threat to enterprise-level organisations than to SMEs, ransomware criminals are now targeting the little guys.

However, lower-level executives are often not aware that such an attack – where victims are locked out of their company systems and a demand is made for their reopening and the safe return of stolen data – could destroy their business.

“Right now, ransomware is the number one cyber threat facing UK businesses, particularly SMEs,” Nicola Hartland, senior vice president of innovation and growth at Falanx Cyber, tells BusinessCloud.

“The biggest problem for small- and mid-sized businesses is a lack of awareness – they don’t understand quite how much they need their systems and data. This is why founders or board members so often devalue its importance over other elements of their business.

“Cybercriminals know this, making mid-sized firms a popular target as defences are often weak compared to big corporates.” 

Hackers get into a company’s network through phishing attacks, out-of-date software or guessing passwords from lists leaked on the dark web.

“By the time a business has been locked out of all its systems, it’s already too late,” says Hartland. “It comes as no surprise that 80% of UK firms end up paying the ransom demanded by their attackers. Unfortunately, paying the ransom still never guarantees the end of the attack, either.” 

Ben Jenkins, director of cybersecurity at ThreatLocker, told BusinessCloud that the latest approaches taken by threat actors are “terrifying”.

Falanx Cyber – part of publicly listed Reading-headquartered Falanx Group – identifies areas of cyber risk threatening the integrity of businesses and provides complete end-to-end managed security services to alleviate those risks.

It combines managed detection and response (MDR) services with penetration testing, incident response and consultancy.

“To protect yourself, I always recommend having two-factor authentication in place across all applications,” says Hartland. “To prevent an attack outright as a business, staff awareness training and password policies are vital. 

“The ultimate defence is either endpoint detection and response, or a fully managed detection and response to watch over your networks 24/7.”
