Here's an alarming stat from Accenture: more than one-third of cyberattacks are aimed at small businesses, but only 14% of them are prepared to defend themselves.
Small and midsize enterprises (SMEs) often do not have the resources to protect themselves from cybercriminals with bad intentions, leaving them vulnerable to financial and productivity losses, operation disruptions, extortion payments, settlement costs, and regulatory fines.
This is the gist of a new report titled "A New Age of Disaster Recovery Planning for SMEs" (download required) produced by MIT Technology Review Insights and sponsored by OVHcloud.
Here are some of the highlights and key findings from the 19-page report.
SMEs are becoming more frequent targets of cyberattacks
The pandemic, geopolitical factors, and the new hybrid/work-from-home landscape put midsize companies at 500% more risk of being targeted in 2021.
A disaster-recovery plan is no longer an option for SMEs; it's a must-have
To protect business continuity, a solid plan that focuses on maintaining IT infrastructure, data, and applications is crucial for protecting against and responding to malware and ransomware attacks. The key is to minimize any damage.
Back up all data
Part of any disaster recovery plans include backing up data in multiple formats, across different systems, and using cloud services. Having an offline copy only a few key people know about is a solid option, as well. Cybercriminals can spend as long as 200 days within an enterprise's systems before being detected or taking action.
Practice makes perfect
No disaster recovery plan is worth much if stakeholders from top to bottom are not involved in practice runs. Practice helps identify issues before they happen. Plans should be regularly updated and adjusted, especially as a company scales in growth.
Other valuable information in the report includes the average cost of data breaches by industry in the U.S., data on ransomware attacks from 2018-2021, ransomware attacks by industry, suggestions for data backup and replication, information on 3-2-1 and 3-3-2 backup strategies, data protection preferences, and more.