The Ransomware Reality Check
Small and medium businesses (SMBs) are increasingly in the crosshairs of ransomware operators. Contrary to popular belief, it's not just enterprise targets—over 43% of ransomware attacks now target small businesses, with average recovery costs exceeding £1.2 million.
Understanding the Attack Chain
Ransomware attacks typically follow a predictable pattern:
Layered Defence: The SMB Approach
#
Layer 1: Prevent Initial Compromise
Email Security
- Advanced email filtering with sandboxing
- DMARC, SPF, and DKIM authentication
- User training on phishing recognition
Endpoint Protection
- Next-generation antivirus (NGAV) with behavioural detection
- Application whitelisting for critical systems
- Regular patching and vulnerability management
Network Security
- Segregation of critical systems
- VPN-only access for remote administration
- Intrusion detection and prevention systems (IDPS)
#
Layer 2: Limit Blast Radius
Network Segmentation
- VLANs separating different business functions
- Firewall rules restricting east-west traffic
- Zero-trust network access (ZTNA) for remote users
Privilege Management
- Principle of least privilege for all accounts
- Separate admin accounts from standard user accounts
- Privileged access workstations (PAWs) for sensitive operations
Application Control
- Restrict PowerShell and scripting capabilities
- Disable macros by default in Office applications
- Block known malicious file types at the email gateway
#
Layer 3: Detect and Respond
Monitoring and Alerting
- 24/7 security operations centre (SOC) monitoring
- User and entity behaviour analytics (UEBA)
- Automated alerting for suspicious activities
Incident Response Planning
- Documented response procedures
- Designated incident response team
- Regular tabletop exercises and simulations
#
Layer 4: Recover and Restore
Backup Strategy
- 3-2-1 backup rule: 3 copies, 2 different media, 1 offsite
- Immutable backups that can't be encrypted by ransomware
- Regular restoration testing to verify recoverability
Business Continuity
- Critical system prioritisation
- Alternative communication channels
- Customer and vendor notification procedures
Special Considerations for SMBs
#
Resource Constraints
Most SMBs lack dedicated security teams. Consider:
#
Supply Chain Risks
SMBs are often entry points to larger targets:
- Vendor security assessments
- Contractual security requirements
- Network segmentation for third-party access
#
Regulatory Compliance
Understand your obligations:
- GDPR and data breach notification requirements
- Industry-specific regulations (PCI DSS, HIPAA equivalents)
- Cyber insurance policy requirements
The Human Element
Technology alone isn't enough. Your people are both your greatest vulnerability and your strongest defence:
Conclusion: A Proactive Stance
Ransomware defence isn't about achieving perfect security—it's about raising the bar high enough that attackers move on to easier targets. By implementing these layered defences, SMBs can significantly reduce their risk profile.
Don't wait for an attack to take security seriously. En Route Solutions provides comprehensive ransomware protection services tailored for SMBs, from initial assessment through ongoing managed security services.
Schedule a free ransomware readiness assessment with our security team today.
Need help with threat intel?
Our team of experts can help you implement the strategies discussed in this article.
Get in Touch


