In 2021, ransomware attacks cost businesses $20 billion worldwide. On average, the price tag that comes with recovering from an attack is $1.85 million — that’s more than double what it was in 2019.

As more and more of the world’s economy moves online and remote work becomes commonplace, expect attacks (and the cost of recovery) to rise. Some estimates predict the annual, global cost of ransomware attacks will reach $265 billion by 2031.

If that’s not scary enough, here are a few more ransomware facts to consider:

  • U.S. businesses accounted for 54.9% of all ransomware targets in 2021.
  • When facing a ransomware attack, 32% of businesses paid the ransom in 2021. However, 92% of those businesses never recovered their data.
  • In 2021, there was a ransomware attack every 11 seconds — this will increase to every two seconds by 2031.
  • Only 43% of businesses that suffer a ransomware attack can recover their data.

You might be thinking, “not my business, I’m not a big enough fish,” but you couldn’t be more wrong. In the past 18 months, 60% of all midsize organizations were targets of ransomware attacks, and close to a quarter of those businesses wound up spending an average of $250,000 to fully recover from it.

What’s worse is that a recent Cisco study found small and mid-sized businesses (SMBs) don’t perceive ransomware attacks to be a legitimate threat despite managed service providers (MSPs) raising the alarm. Cisco’s study found that ransomware attacks weren’t even among the top three self-reported cybersecurity concerns for SMBs despite 85% of MSPs considering them the number one threat to their SMB clients.

So, how do you prevent your business from becoming another statistic?

You’re going to need a two-pronged approach that starts with proactive protection and ends with a rock-solid response and recovery plan. Experts also advise partnering with a security specialist instead of trying to keep cybersecurity efforts in-house. We couldn’t agree more — as ransomware attacks are growing in frequency and sophistication, having a managed security service provider (MSSP) whose sole role is cybersecurity is a smart move.

Here’s what that would look like.

Proactive Protection

As cybersecurity threats become more commonplace, complex, and frequent, in-house measures are increasingly unreliable — internal solutions aren’t just costly, they are inefficient, slow, and exploitable. With an MSSP you get a well-designed, sophisticated, always-on security plan that begins with proactive protections built to stop threats before they can do damage. Not all security is created equal, though.

Here is what’s good, better, and best when it comes to preventative cybersecurity measures.

• A MANAGED FIREWALL IS GOOD: An MSSP that can manage a firewall for you is a good start. A managed firewall puts the operation, administration, monitoring, and maintenance of your first line of protection into the hands of experts.

While you’re doing what you do best, your MSSP will monitor your network, provide reporting & analysis, and keep your firewall patched and up to date. This is a good, proactive measure that can mitigate attacks 24 hours a day.

• DNS PROTECTION IS BETTER: Every connected site and device in the world has a unique IP address, but thanks to DNS servers we don’t have to remember what they are. It’s a bit more complex, but a DNS server takes your plain-language request and matches it to the correct IP before rerouting you to the correct site.

There’s a problem though: DNS servers are notoriously insecure and address requests can get hijacked.

With DNS protection from an MSSP, you can get DNS traffic monitoring, a private DNS server, or both. Traffic monitoring provides a layer of security that can shut down suspicious requests, block blacklisted connections, and generally shore up the vulnerability that DNS servers introduce.

In terms of security, a private DNS server goes one step further and provides a managed, highly secure, private waystation for IP address handoffs.

• A SECURE WEB GATEWAY IS BEST: Think of a secure web gateway (SWG) as your security guard, but for digital property. An SWG, either software or hardware, sits between your employees on your network and the internet and monitors traffic, blocks unverified websites and enforces predefined protocols.

Simply put, an SWG allows users to access only what’s already been pre-approved while blocking everything else. This level of security is becoming increasingly important as employees are working remotely from unsecured machines and internal networks are becoming less and less viable.

An SWG managed by an MSSP will provide top-tier security and a user experience that doesn’t feel restrictive.

• ANOTHER IMPORTANT CONSIDERATION: Hackers are getting smarter by sending emails posing as company insiders requesting recipients to open a spreadsheet or click on a voicemail message infected with malware. These infected messages may look like they come from a CEO, your teammate, or an accounting department, but are actually baited traps that allow hackers to infiltrate servers, steal data, or implant ransomware.

The best remedy is to train employees to be on the lookout for phishing attacks and be hyper-vigilant for messages that don’t quite look right. Integrated security awareness platforms such as KnowBe4 provide employee training modules that identify common ransomware red flags. With KnowBe4, organizations can orchestrate simulated phishing attacks to see if users click on a bogus link. Would-be victims then receive gentle reminders to stay vigilant.
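The DNS traffic monitoring described in the DNS protection item above comes down to checking each query name against a blocklist. The following is an added example, not code from this article or from any MSSP product; the log format, domain names, and function names are all constructed for illustration. It shows why matching must respect label boundaries and normalize case and the trailing root dot.

```python
# Constructed blocklist entries (reserved .example names).
BLOCKLIST = {"malware-c2.example", "phish-login.example"}

# Constructed resolver log lines: "<timestamp> <client-ip> <query-name> <type>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 www.intranet.example. A
2024-05-01T09:00:04Z 10.0.0.37 cdn.Malware-C2.example. A
2024-05-01T09:00:09Z 10.0.0.12 notmalware-c2.example. A
2024-05-01T09:00:15Z 10.0.0.44 phish-login.example AAAA
malformed line
"""

def normalize(name):
    """Lower-case the query name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def blocked_by(name, blocklist):
    """Return the blocklist entry covering this name, or None.

    The name is walked label by label, so cdn.malware-c2.example matches
    malware-c2.example while notmalware-c2.example does not.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan(log_text, blocklist):
    """Return (timestamp, client, query name, matched entry) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not parse
        ts, client, qname, _qtype = fields
        entry = blocked_by(qname, blocklist)
        if entry:
            hits.append((ts, client, normalize(qname), entry))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```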

Response & Recovery

Even with preventive measures in place, it’s important to prepare for the worst — the odds of being affected by a ransomware attack are high and you need a robust response and recovery strategy.

The goal is to quickly restore operations in the wake of an attack without any data loss. An experienced MSSP can help you create a plan that will do just that. But, like proactive protection, response and recovery strategies come in different shapes and sizes.

Here’s what’s good, better, and best.

• IMMUTABLE BACKUPS ARE GOOD: You obviously need a backup of your data. At the bare minimum, the 3-2-1 rule (3 copies of your data on 2 different media, with 1 copy stored offsite) should be employed. But even that is becoming less than a minimum.

Because today’s ransomware attacks can target backup files and infect them, and manual backups are susceptible to human error, immutable backups are increasingly necessary. An immutable backup is one that cannot be encrypted, modified, altered, rewritten to, or deleted — you can write to an immutable backup once and only once.

When properly managed, immutable backups offer a series of restore points for your business that become life rings in the aftermath of a ransomware attack.

• INSIDER THREAT PROTECTION IS BETTER: A ransomware attack can easily come from inside your organization — former employees, contract employees, even employees who simply made an error. Anything from bad actors to accidents can compromise your security from the inside out.

An MSSP with an insider threat protection plan can set up credential management, isolate sessions, provide access when and only when it’s needed (and revoke it when it’s not), monitor your systems for activity anomalies, and generally control access across the organization, all in real time.

With insider threat protection, your company can respond to threats during a breach (even if it’s coming from inside your enterprise), not just in the wake of an attack.

• DISASTER RECOVERY IS BEST: OK, so the worst has happened: Your enterprise has been the target of a ransomware attack, your security measures have been penetrated, and the crooks got a hold of your data. The goal now is to not pay the ransom, shore up your vulnerabilities, reduce operational downtime, and restore the most up-to-date, clean backup of your data. This requires meticulous planning, technical know-how, and a dedicated team.

Leading IT groups recognize disaster recovery (DR) as the fastest way to full operational restoration, and a cloud-based DR solution led by an experienced MSSP is going to be your best bet in the event of the worst-case scenario.
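The 3-2-1 rule, immutable restore points, and the "most up-to-date, clean backup" from the items above can be checked mechanically against a backup inventory. This is an added example, not code from this article or any vendor; the inventory, field names, and compromise time are constructed, and it assumes that only immutable copies taken before the earliest known compromise count as clean.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str          # "disk", "tape", "object-storage", ...
    offsite: bool
    immutable: bool     # write-once: cannot be modified or deleted
    taken_at: datetime

# Constructed inventory and incident time, for illustration only.
INVENTORY = [
    BackupCopy("nas-nightly", "disk", False, False, datetime(2024, 5, 3, 1, 0)),
    BackupCopy("tape-weekly", "tape", True, True, datetime(2024, 4, 28, 2, 0)),
    BackupCopy("cloud-0501", "object-storage", True, True, datetime(2024, 5, 1, 1, 0)),
    BackupCopy("cloud-0503", "object-storage", True, True, datetime(2024, 5, 3, 1, 0)),
]
FIRST_COMPROMISE = datetime(2024, 5, 2, 14, 30)

def check_321(copies):
    """Return the unmet requirements; an empty list means the set passes."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        problems.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        problems.append("no offsite copy")
    if not any(c.immutable for c in copies):
        problems.append("no immutable copy")
    return problems

def latest_clean_restore_point(copies, first_compromise):
    """Newest immutable copy taken before the earliest known compromise.

    Assumption of this example: a copy taken after that time may already hold
    encrypted data, and a mutable copy may have been altered since it was taken.
    """
    candidates = [c for c in copies
                  if c.immutable and c.taken_at < first_compromise]
    return max(candidates, key=lambda c: c.taken_at, default=None)

if __name__ == "__main__":
    print(check_321(INVENTORY))
    print(latest_clean_restore_point(INVENTORY, FIRST_COMPROMISE))
```

Note that the newest copy in the inventory is not the one selected: both copies from May 3 postdate the compromise, so the restore point falls back to the May 1 immutable copy.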

Safeguard Your Enterprise

It’s not impossible to protect your business with in-house resources, but attackers are getting better every day at finding the smallest vulnerabilities and exploiting them, fast. The security experts at FirstLight are ready to partner with your enterprise — together we can create the best strategies and implement the ideal solutions for your cybersecurity.

The first step toward a more secure tomorrow is evaluating where you are today. Take our free assessment and see how prepared your company is for a ransomware attack.