Throughout this year, I’ve posted numerous times about ransomware attacks – stories about the Internets biggest threat, the criminal gangs behind the attacks, and some of the companies affected by such attacks.
In the majority of cases, the companies hit by these gangs are in the category of small to mid-sized (SME). A survey in 2022 by ransomware recovery specialists Coveware, indicated that 82% of ransomware attacks in 2021 were against companies with fewer than 1000 employees.
There could be all sorts of reasons why these type of companies get targeted, but in most cases it will be because they simply don’t have the skills or resources to properly defend their network against the multitudes of different attack vectors, any one of which can allow an attacker to gain access.
Small companies, especially considering the current economic climate are stretched to breaking point in many cases just surviving – it really isn’t on the radar of many companies to be focusing as much attention to security as they should be.
Larger companies most likely have dedicated budgets for security, have dedicated security teams with a plethora of tools to allow them to automate network scans, triage events, and respond to any incidents quickly and efficiently. Moreover, bigger organisations will have defined plans and processes in place to deal with security – smaller companies often lack these, because they have enough to deal with just running their business.
SMEs are vital to a countries economy
SMEs are generally thought to be the backbone of any healthy economy; they drive growth, provide employment opportunities and open new markets. SMEs also create a group of skilled and semi-skilled workers to support future industrial and business expansion.
The UK government classes any business with 250 or fewer staff as an SME, although from a taxation perspective HMRC classes any business with a staffing up to 500 employees as an SME.
The stability of the UK economy relies on low unemployment rates. Workers – who themselves provide goods and services – earn a wage which they then spend on goods and services. Consumer spending is the factor that most affects economic growth and Gross Domestic Product (GDP).
GDP is one of the primary indicators used to measure the economic health of a nation. Businesses won’t invest in capital and labour or try to expand to meet consumer demand if people aren’t spending.
Data from the Office for National Statistics (June 2023) show that in the UK, SMEs (<500 staff) employ around 30.5 million people, contributing over £6B to the UK economy.
It’s been reported that SMEs have created over 2 million jobs in the past 5 years and were found to be especially important to the local economies of South West England, Wales and Northern Ireland; in these areas, SMEs account for 70% of jobs within the private sector.
Small businesses are particularly effective when it comes to supporting local economies; they bring growth, prosperity and innovation to areas outside of main cities, which facilitates the equal distribution of income and wealth.
SMEs & ransomware
Given the economic importance of SMEs to a countries economic stability, and the fact that SMEs are the most targeted type of business, it becomes apparent that we have a serious problem when it comes to ransomware.
When an SME is hit with a ransomware attack, it can often be the end of that business as they simply don’t have enough slack in their finances to survive such an attack.
This fact is evidenced in the recent bankruptcy of the haulage company KNP logistics. Administrators were appointed to take control of the companies finances on Monday (25th)
KNP Logistics group were based in Kettering, Northants, and were the parent company of the 158-year-old haulage firm Knights of Old.
The group operated 350 tractor units, 500 trailers, and operated from a 55,000m2 distribution unit.
In June of this year, KNP suffered a major ransomware attack which affected key systems, processes and financial information.
Administrators from FRP Advisory Trading Limited said that “Against a backdrop of challenging market conditions and without being able to secure urgent investment due to the attack, the business was unable to continue”
As a result of the bankruptcy, around 730 employees would be made redundant.
As is always the case with any bankruptcy, its the employees who get hit the hardest. A post on Reddit shows some of the people affected by this ransomware event and the devastation it will be causing for those 730 staff members.
