Are You Talking ABout Ransomware? Here’s Why You Should Be.
Cyber security threats have been around for as long as computers have, but protecting your business against these attacks is becoming increasingly complex. With the sudden rise in attention given to news like the Panama Leaks or the cyber attacks hitting small businesses, large corporations, and even non-profit hospitals around the country, we here at BACS wanted to take some time to look in-depth at a type of cyber attack that is becoming more common every day: ransomware.
While the rise of cyber attacks in recent years has made the more tried-and-true threats easier to protect against with good security measures like firewalls or filtered browsing, ransomware is fast becoming the elephant in the room.
Businesses just aren’t talking about it, and when they do they often write it off as an issue that only affects large multi-national corporations. Unfortunately, even small businesses and nonprofits are being increasingly hit by ransomware.
A reactive approach to dealing with this issue means waiting until the threat occurs and trying to catch up to it before your data is lost.
Instead, BACS recommends a proactive approach. It’s essential that your IT department or a Managed IT company like BACS performs a ransomware threat assessment and external penetration testing on your network, regardless of any protections already in place.
What The Research Is Saying About Cyber Security
In a survey conducted by TripWire, 62% of enterprises admitted to feeling less than confident about their ability to deal with a ransomware attack. An infographic produced by KnowBe4 indicates that only 16% of IT departments feel as if their current security solutions would be “very effective” against ransomware.
KnowBe4’s infographic provided a few other interesting pieces of information, such as:
- 47% of respondents said that email was the top ransomware attack vector
- Only 64% of email filtering solutions are performing up to their specifications
- 88% of participants said that information security training sessions are the best way to mitigate an attack
- In a span of 6 months, confidence dropped in endpoint security solutions from 96% to 59%
Making Sense of the Research Data
When looking over the market research data gathered from information security firms around the country, a very distinctive pattern emerges: a majority of organizations do not feel confident in their current endpoint protection’s ability to stop a ransomware attack.
Many startups and enterprises don’t even seem to be aware of the severity of the ransomware threat, and don’t believe any attack would penetrate their security perimeter. Unfortunately, businesses which turn a blind eye to ransomware could easily end up on the hook later on when their confidential data (including sensitive or private transactional or customer information, company emails, details of private corporate meetings, etc) is stolen and sold to the highest bidder.
The reality of ransomware and other critical security threats should be a weekly talking point in every meeting with your IT staff. It’s essential to do what you can to prevent an attack now, and your IT staff should be prepared with what preventative steps to take and what they should do if the worst should happen and your organization falls prey to a cyber attack.
How Likely Is a Ransomware Attack?
Well, the truth is that these sorts of cyber attacks are on the rise. The New Jersey Department of Cybersecurity has released a white paper detailing the inner workings of cyber gangs who use ransomware for profit.
The report highlights the sudden rise in ransomware attacks while going into detail about the monetary implications for the businesses affected. New Jersey’s Cybersecurity Team found that ransomware is now being distributed on an affiliate model, where rogue 3rd parties will intentionally encrypt the hard drive of an unsuspecting person in order to earn a commission when the user pays the ransom.
The state task force’s white paper goes on to say that it may not be entirely possible to defend your network from a ransomware attack.
To Combat An Attack, You Need Backup
The best way to defend against a ransomware attack? Consistently and continuously updated data backup. Make sure it’s segregated from the rest of your network, so that hackers can’t find it easily. If your business is targeted for a ransomware attack, you won’t be forced to pay a ransom in order to become operational again. You can simply install the backed up data and get everything back online, leaving the hackers with empty, irrelevant data they can’t profit from. Updated data backup will help you defend against just about any cyber attack by letting you get back to businesses without taking a hit.
PricewaterhouseCoopers says that over 15,000 hard drives fail each day. PwC’s research also found that 94% of businesses went out of business after encountering a catastrophic data loss without a backup solution in place.
IT professionals recommend that you run backup software that uses a local user account versus logging in with a domain user account. Essentially, if you are attacked by a hacker, they won’t be able to find the backup software and it will be effectively hidden from them.
Backup software should encrypt your backups and offer a your organization a way to rapidly retrieve the data off of the backup images. Products such as StorageCraft, Veeam, and others have emerged as leaders in the server backup market. Security experts recommend that your business should implement employee training and awareness seminars that help end users identify the most common threats.
Concerned about the safety of your network? BACS is here to help. We provide high-tech IT support for high-tech companies both in and around the Bay Area of San Francisco, as well as nationwide. Give us a call at (650) 887-4601 or contact us online to schedule your FREE on-site consultation.