The Covid-19 pandemic forced the world to accelerate digitally at a rate which it hadn’t ever done so before. And as organizations across all industries transitioned their business processes and day to day from in-person to online, not so coincidentally, there was also a sharp increase in cyber threats and cyberattacks. Hackers leveraged the opportunity to attack vulnerable networks as office work moved to personal homes, with an FBI report finding a 300 percent increase in reported cybercrimes during the pandemic.
While cybercrimes of all kinds have been increasing in both volume and sophistication, ransomware in particular is quickly becoming the achilles heel to many organizations in a variety of industries. Ransomware is a form of malware that is installed covertly on a system and executes a crypto-virology attack that locks or encrypts valuable files on the network. Once in, malicious actors may also move laterally within an organization's network, infect endpoints and servers, and demand a ransom for access to a company's own data.
Ransomware attacks increased by 130% in 2020, and almost 40% of victims ended up paying the ransom. Enterprise ransomware accounts for 81% of total infections, and by market segment, 62% are small to medium-sized businesses, with losses for business averaged to $2,500 per incident, and ransom demands averaged to $13,000. The FBI estimates ransom payments per year exceed $1 billion, but others go further, estimating ransomware will cost as much as $6 trillion per year starting in 2021.
Considering how critical a ransomware attack can be for an organization of any size, cybersecurity has become one of the most important factors to companies today. However, to prepare for and try to prevent a ransomware attack, businesses need to do more than simply have a good security software. There are steps that can be taken to prevent ransomware pertaining to software, the staff, and steps the company itself can take.
Firstly, good cybersecurity is probably the most important step one can take in trying to prevent ransomware. Today, moving toward zero trust offers visibility and control over your network, when attempting to stop ransomware. Prioritizing assets and evaluating traffic, microsegmentation, and adaptive monitoring are all key aspects of the zero trust architecture, which help greatly reduce the risk of an attack.
On top of zero trust architecture, other simple software extensions such as Ad Block greatly aid in minimizing ransomware attacks. All devices and browsers should have extensions that automatically block pop-up ads. With the extensive use of the internet, malicious ads pose a long-lasting threat if not blocked.
Secondly, a staff must have the right training and procedures to both adequately attempt to prevent ransomware and know how to openly avoid cyber threats on the internet. Raising awareness about ransomware is a baseline security measure. But it could only take one employee lowering their guard for an organization to be compromised. While training sessions have influence over staff for every potential attack, added security is imperative nonetheless
In the case of remote work staff or just a loose policy surrounding devices acceptable for network access, it might be time to crack down. Unregulated use of new or unique devices poses an unnecessary risk to your network, and every device connected on an unsecure network is just another endpoint for potential cyber attackers. Such policies like bring-your-own-device (BYOD) are no longer the smartest options for organizations moving forward.
Finally, organizations themselves must take steps to prevent ransomware attacks. The most essential step a company can take themselves is having offline backups of vital data. While virtual backups are great, if you’re not storing data backups offline, you’re at risk of losing that data, in some cases forever. This means regular backups, multiple copies saved, and monitoring to ensure backups hold true to the original.
Testing and Updating are also crucial for any business in any industry. Updating anti-ransomware software to keep up with the latest digital innovations, and updating email gateways to monitor email attachments, websites, and files for malware are both necessities. As for testing, Sandbox testing provides a safe environment, disconnected from the greater network for testing the file, while rapid response testing is essential as well. In case of the unfortunate scenario of a successful breach, your team must be ready to restore systems and data recovery, which includes pre-assigning roles and ensuring a plan is in place.
While ransomware attacks aren’t going anywhere anytime soon, having reliable cybersecurity can greatly reduce the risk of getting hacked. Those interested to learn about the most up-to-date cybersecurity methods and applications can learn more at ITEXPO, one of the world’s largest, longest running, and most vital technology events. Taking place from June 22nd to June 25th, ITEXPO attracts companies of all sizes and represents all sectors of Communications and Technology Industries, including Enterprises and SMBs, Government Agencies, MSP/Resellers, Service Providers/Carriers, Manufacturers, Developers, and more.
Everyone from engineers and IT/telecom managers to C-Level execs and business owners will gather in Florida for the only event dedicated to solutions driving digital transformation for the enterprise mid-market, SMBs, resellers and service providers across traditional and emerging categories. Keynote speakers, panels, exhibitions, demos, special events and more will provide education, insight, and networking opportunities.
ITEXPO’s myriad of presentations includes ones pertaining to the latest cybersecurity opportunities, such as “Cybersecurity as Part of Your Solution Portfolio” with Marcia Dempster, Senior Director of Channel Sale at Keeper Security. There is also a keynote presentation about cybersecurity opportunities for MSPs where a group of panelists will discuss how the security landscape is changing, and how security solutions are evolving to meet those changes. To learn more about ITEXPO click here.
Edited by Luke Bellos