Adaptive Segmentationmicro-segmentation May 12, 2022

Ransomware: How Small and Midsize Organizations Can Stop Its Spread

Keith Do, Product Marketing Manager

Small and midsize businesses have a good reason to worry about ransomware: For this kind of attack, they're the most highly targeted segment.

SMBs also know that preventing a cyber breach has become nearly impossible. All it takes is one "open door" to expose an entire network.

Making matters even worse, many IT and security teams face limited resources at the same time their duties have expanded. IT today stretches across a new global environment that includes cloud, on-premises, multicloud and hybrid assets.

Small targets, big losses

How serious is the ransomware problem for SMBs? Very serious, according to Gartner’s VP of midsize enterprise security, Paul Furtado. Consider these disturbing stats from one of his recent reports:  

  • 81% of all successful ransomware attacks have targeted companies with fewer than 1,000 employees.
  • 90% percent of successful ransomware attacks targeted businesses with under $1 billion in revenue.
  • The average ransom paid by a mid-market organization is $322,000. But the total cost of recovering from a ransomware attack was anywhere from 5 to 10 times that amount.  

Also, Gartner's Furtado advises leaders of any organization hit by ransomware to brace themselves for 20 days of business disruption. And that's just the average.

Plus, even if an organization pays the ransom, it should still expect to lose about a third of its data, Furtado cautions. Bad actors use accelerated encryption, which can corrupt data on a large scale.  

But wait, there's more: Among companies that pay the ransom, 80% will be targeted again, Gartner says. They'll be attacked by either the same threat actor or a different threat actor after word of their first attack spreads on the dark web. 

Segmentation can help

Ransomware can wreak havoc on companies both large and small, and in every major industry. But ransomware also has an Achilles' heel: It typically moves in a predictable pattern.

In the first step of that pattern, malware gains entry into an organization's IT environment through a vulnerable pathway. Then, if left unchecked, the malware spreads over the course of weeks or even months, spiderwebbing its way across networks, devices and servers. In the final step, a bad actor flips the switch to activate the ransomware, and it appears, seemingly out of nowhere.

While it may not be possible to block all ransomware attacks, since most ransomware follows this predictable pattern, it is possible to stop what's known as "lateral movement." That occurs when ransomware and cybercriminals move through your network, hunting down your most important digital assets.

To stop this lateral movement, you first need to understand the communications flows between your applications and services — that is, what is talking to what.

Instead, many organizations struggle to identify their vulnerabilities. This makes it difficult to block risky pathways and shut down routes for ransomware.

Fortunately, there's a better way. You can use segmentation to stop a majority of ransomware attacks by closing just a few types of pathways.

How Illumio can help

Illumio is the leading Zero Trust Segmentation platform for securing and managing hybrid environments. With Illumio, you can:

  • Create, in just minutes, a real-time map across your entire hybrid IT environment. This map will show you how your systems are connecting and communicating, both internally and externally;
  • Rapidly create segmentation policies, then automatically enforce them, preventing breaches and ransomware from spreading;
  • Close risky ports and vectors that ransomware could otherwise use to gain entry to your systems;
  • Erect barriers so that malware, should it enter your network, is blocked from moving laterally;
  • Isolate your highest-value assets, protecting them from ransomware's lateral movement.

To protect your digital assets, you can use Illumio to first discover how your digital assets could be compromised, then close unnecessarily open connections. That will stop ransomware from spreading across your hybrid environment.

Best of all, Illumio does all this from just a single, easy-to-use console. It's a powerful yet simple way for SMBs to protect their most important digital assets.

Learn more about how Illumio segmentation can stop the spread of ransomware in your small or midsize organization: 

Adaptive Segmentationmicro-segmentation
Share this post: