The impact of ransomware attacks on the middle market


Ransomware threats remain prevalent within the middle market, taking multiple forms and requiring businesses to take a more proactive stance to protect key data and intellectual property. Media reports of ransomware attacks in virtually every industry emerge on almost a daily basis, as deploying ransomware is relatively easy for criminals to execute with the potential for significant rewards.

Cybercriminals typically employ two different tactics for ransomware attacks. The first is a very basic strategy, repetitively sending fraudulent emails from fake or compromised accounts with no discernible pattern. The second is a more sophisticated campaign, specifically targeting vulnerable networks or systems.

Unfortunately, with more people generally working remotely or from home—especially in response to the COVID-19 pandemic—criminals have more access to vulnerable networks. In many cases, the majority of company workforces are working remotely, and remote desktops often do not have the same level of security protections as on-premise networks. In the rush to implement new remote policies, security may have been an afterthought, inadvertently creating low-hanging fruit for hackers.

Ken Stasiak, RSM Principal, emphasized how the coronavirus crisis can further expose existing issues. “RSM conducted over 60 ransomware assessments following the issuance of last year’s MMBI Cybersecurity Special Report,” he said. “The top three controls that most organizations were lacking in defending a ransomware attack were:

  1. Segmentation (83%)
  2. Restricting and disabling end user’s local admin privileges (75%)
  3. Two-factor authentication for email (50%)”

Once hackers gain access, they attempt to lock areas of the network or files that contain critical data. A message is sent detailing areas that have been encrypted, including a ransom note with the amount necessary to unlock files before they are destroyed. In many cases, businesses choose not to pay the ransom, but the effort required to regain access to files can be time-consuming and costly.

Ransomware has always represented a concern for middle market businesses, but the threat has escalated in recent years because stolen data has flooded the underground market, and may not have as much value as it had in the past. In a ransomware attack, the criminal is not necessarily concerned with selling stolen data, just collecting a payment for unlocking a network or data. This approach cuts out the middleman and is often much more lucrative.

As ransomware attacks expand, more middle market companies either know a peer that has experienced an attack, or have been a target themselves. The RSM MMBI survey showed that 41% of middle market executives know someone that has been the target of a ransomware attack, a 6% increase over last year’s data.

Not surprisingly, the number of middle market companies that have suffered a ransomware attack has also increased. The MMBI study found that 23% of middle market executives claimed a ransomware attack or demand during the last 12 months, a 3% rise from the 2019 report. Significantly more executives at larger organizations reported an attack than smaller organizations (32% versus 14%).

In addition, 9% of respondents in the RSM survey reported multiple attacks.

This is a fairly common strategy from criminals; once they breach a business and find that it’s vulnerable, they smell blood in the water and will often attempt another attack.

“Ransomware is the great equalizer,” said Daimon Geopfert, RSM Principal. “It can cause as much damage in a midmarket manufacturer as it can in a large financial institution.”

Stasiak provided insight into a key strategy to potentially offset the rise in steadily recognizing the threat that ransomware poses. Forty-nine percent of middle market executives in the RSM survey see their organizations as likely targets for a ransomware attack, a 3% increase from last year’s report and an 8% rise from two years ago. Executives at larger organizations are more likely than executives at smaller organizations to see the threat as very likely or somewhat likely (56% versus 43%).

With its relative ease and potential high rewards, the ransomware threat shows no signs of relenting. In addition, with hackers not necessarily targeting a specific size or type of company, any organization is at risk. In order to combat ransomware, middle market organizations must implement a proactive security framework that includes increased awareness training throughout the organization that details common attack methods, incident response planning, system backups and patch management programs.
