Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Ransomware: It’s about customer trust

It does not take much for your business to be crippled by ransomware. An “innocent” click on a suspicious advertisement or a link in an email.

Even a visit to a legitimate website can land you in trouble, if the site is infected with code installed to redirect users to a malicious website.

When that happens, all your company files are encrypted and there will be a request for ransom. After you’ve paid, you will get back your files - or you may not, as some companies found out during a recent ransomware attack. Every 40 seconds, a business is hit globally and one in five SMBs do not get their data back even after they’ve paid the ransom.1

The threat of ransomware

Ransomware is a type of malicious software that threatens to publish the victim's data or perpetually block access to the data unless a sum of money, or ransom, is paid. Some ransomware are even more vicious: your data is destroyed even after you have paid.2

According to the US Federal Bureau of Investigation (FBI) estimates, cyberthieves made off with $1 billion in 2016 alone.3

The FBI also reported that on average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300% increase over 2015’s approximately 1,000 attacks daily.4

Globally, 40% of businesses experienced a ransomware incident during 2015, with 60% of the ransomware attacks demanding $1,000 or more.5

SMBs are more vulnerable

If you think your business is safe because it is too small to attract a cyberthief’s attention, think again. A Cisco Umbrella6 report showed that the WannaCry ransomware attack in May 2017 hit 150 countries, infected 300,000 machines and victimised over 200,000 companies.

The point is, ransomware neither respects you nor your company. No company is immune, but SMBs are more vulnerable because of budget constraints and smaller spend on IT infrastructure and security.

What can SMBs do to beef up their defenses against ransomware attacks?

Some experts have suggested that companies buy insurance against cyber-attacks.7 This may not be cheap, and does not prevent an attack in the first place. Also, while insurance can help recover costs related to the ransom payment and other IT expenditure caused by the fallout, there is no guarantee that you can recover your data.

8 ways you can reduce the chance of an attack

For ransomware, prevention is the best cure.

Here are some steps your company can take to reduce its exposure to attacks:

  1. Educate employees on the dos and don’ts of ransomware attacks. One simple reminder is: never click on any unsolicited links or email attachments.
  2. Maintain a security protocol that can protect your employees while they are on the go and using mobile devices such as laptops.


  3. Install a virtual security system that detects and contains. This system can continuously monitor your networks, identify malware exploit kits and prevent malware code from executing. It will also block malicious command and control traffic, malicious files and malicious URLs in emails.
  4. Reduce infection risk by developing a proactive security plan that leverages on a multi-layer defense, by having predictive intelligence to understand where attacks are staged on the internet, while also continuously improving your network hygiene and evaluating your security posture.
  5. Make sure you have a current business continuity plan. Back up all your critical data regularly. Test the integrity of the back-ups and ensure that the restoration process is always working. Back-ups should not be connected to your system networks and should be stored in the cloud or in offline physical storage.
  6. Conduct an annual vulnerability assessment, which can include simulated cyber-attacks.
  7. Have a consistent and comprehensive patch management process in place.
  8. Smaller businesses that cannot afford in-house IT teams can engage external security expertise, and delegate control of IT systems to managed services providers (MSPs).

An IDC survey commissioned by Cisco Systems8 showed that many SMBs list Security as the highest priority when it comes to buying technology infrastructure for the company.

SMBs globally are now more aware of the need to protect against ransomware and other cyber-attacks.

The SMBs interviewed in the IDC study commissioned by Cisco9 also said that they rely on solutions provided by established brands, which they find more trustworthy and have enough built-in security.

Your business should not be left in the dark.

At Cisco, we know that customer data is the lifeblood of your company. Securing this information is non-negotiable. Ultimately, the best reason for a SMB to invest in a strong suite of cyber defence solutions is to secure customer trust. Learn how Cisco Start can help you do that.


[1] The cost of Crptomalware: SMBs at Gunpoint, September 7, 2016

[2] Why You Shouldn’t Pay the Petya Ransomware

[3] David Fitzpatrick and Drew Griffin, “Ransomware is expected to gross cyberthieves $1 billion in 2016 says FBI,” CNN Money, April 15, 2016

[4] How to Protect Your Networks from Ransomware, Federal Bureau of Investigation, https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view

[5] “40 Percent of Enterprises Hit by Ransomware in the Last Year,” Security Magazine, August 4, 2016

[5] “Stop Ransomware in its tracks, Cisco Umbrella

[8] “Lloyd’s warns of $120bn bill from extreme cyber-attack”, Financial Times, Tuesday, July 18, 2017

[9] Detailed findings of this study will be released soon.

Resources and Support

For Customer

Get Cisco Start solutions from our network of more than 10,000 IT consultants and resellers to help you start your IT journey with Cisco.

For Partners

Start selling our enterprise class technology, fit and made for your customers in midmarket and in small and midsize business.

Support Community

Join in discussions with Cisco experts and our support community. Get your questions answered and share your knowledge.