Ransomware isn’t going away, but SMBs can mitigate the associated risks
- Written by Grayson Milbourne, security intelligence director, OpenText Security Solutions
Rising rates of ransomware increasingly target the education sector, government entities and the healthcare industry. The Webroot 2021 BrightCloud Threat Report dives into the data to show that ruthless and sophisticated ransomware attacks target victims with weak security postures. Small and medium-sized businesses (SMBs) are uniquely at risk, relative to larger enterprises, due to the lack of both financial and human resources.
Ransomware attacks can financially and operationally ruin SMBs. The Webroot Threat Report shows an average ransomware payment of $233,871 in the third quarter of 2020, a significant jump from $6,733 in 2018. Not only is this figure extremely concerning, but the long-term non-monetary consequences resulting from ransomware attacks include reputational damage and impact on consumer trust. Those kinds of effects can cause irreparable damage.
So, what exactly is ransomware and how can you safeguard your business against a potentially business-ending attack?
Ransomware – and its detriment
Ransomware is a type of malware that takes advantage of the fact that businesses need their data to operate. Cybercriminals use ransomware to break into a business’s systems and effectively seal its data away behind a lock. Once a business realizes it can’t access any of its data or systems, it’s desperate to get them back. That’s where the ransom part comes in – cybercriminals trade the decryption keys to their locks for a ransom.
Ransomware attacks are usually multi-staged and can begin months before cybercriminals deploy ransomware or demand a ransom. During this time, attackers learn a business’s infrastructure to determine what they can get away with and how much ransom they can demand.
Phishing emails are the most common way that ransomware infiltrates a business. First, an employee opens an email and downloads a seemingly innocuous Word or Excel attachment. The document then asks the employee to enable macros. Doing so automatically downloads a malware payload that infects the computer and acts as a backdoor to the system for further malware downloads.
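One defensive check that follows from this chain is to flag macro-enabled Office attachments before they reach a user. The example below is added here and is not from the original article or from Webroot/OpenText; it assumes attachments are available as raw bytes (for instance from a mail gateway hook) and relies on the fact that modern Office files are zip containers in which VBA code is stored as a `vbaProject.bin` entry. The sample documents are constructed in memory for the demonstration.

```python
import io
import zipfile

# File names that Office writes inside macro-enabled OOXML documents.
# Assumption: any document carrying one of these should be held for review.
MACRO_MARKERS = ("vbaproject.bin", "vbadata.xml")


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'clean' or 'not-ooxml' for a Word/Excel attachment blob."""
    if not data.startswith(b"PK"):
        # Legacy .doc/.xls (OLE) or something else entirely: needs a separate parser.
        return "not-ooxml"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-ooxml"
    # Compare only the base name so word/, xl/ and ppt/ layouts are all covered.
    if any(n.rsplit("/", 1)[-1] in MACRO_MARKERS for n in names):
        return "macro"
    return "clean"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML document for testing; not a real attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed macro container")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro-enabled", build_sample(True)),
                        ("plain", build_sample(False)),
                        ("legacy", b"\xd0\xcf\x11\xe0 constructed OLE header")):
        print(f"{label}: {classify_attachment(blob)}")
```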
According to an IDG eBook researching the current state of phishing, APAC business leaders are most likely to indicate that sensitive data was exposed due to phishing compared to other regional leaders. Furthermore, two thirds of APAC business leaders indicate elevated levels of concern regarding phishing threats.
While there isn’t much room to negotiate once your data is locked away by cybercriminals, taking a preventive approach in your cybersecurity strategy is a necessity for decreasing the chance that your business will be impacted by a ransomware attack.
A preventive approach to safeguarding data
With ransomware so pervasive, a layered approach to cybersecurity is key to mitigating risks for businesses. SMBs achieve cyber resilience by forming and implementing a plan that includes security awareness training, backups and security measures such as endpoint and network protection. No single layer will ever be 100 percent effective at stopping threats, but by using several layers together, you build stronger protection than any single layer provides on its own.
One of the most effective layers of protection is user education. Taught to identify suspicious emails, employees can become one of your best layers of defence. The best training also keeps them informed about the current tactics and scams used by cybercriminals. Businesses that embrace ongoing security awareness training see a 72 percent reduction in users clicking on links in phishing emails, according to the 2021 BrightCloud Threat Report.
The IDG eBook also found that nearly 50 percent of APAC leaders feel their employees are only ‘somewhat’ prepared to combat phishing attempts. However, 44 percent indicated that their security training investment increased, with an additional 47 percent revealing that their security awareness training is very effective. This shows that businesses know they need to invest in training even if they haven’t yet adopted the right kind.
In addition to user education, businesses can further protect their data by implementing a backup strategy that is regularly tested and reported on. This ensures that if something is amiss, IT administrators can easily identify it.
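A "regularly tested and reported on" backup is one whose contents are checked against what was written at backup time, so that a missing, stale or silently re-encrypted backup set is noticed before it is needed. The check below is an added example, not code from the article or from Webroot/OpenText; it assumes a manifest of SHA-256 hashes is recorded when each backup is taken and that a nightly schedule is expected, and the backup data it inspects is constructed inline.

```python
import hashlib
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=1)  # assumption: a fresh backup is expected every night


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_backups(expected: dict, actual: dict, now: datetime, max_age=MAX_AGE) -> list:
    """Compare the backup set on disk against the manifest written at backup time.

    expected: name -> sha256 hex digest recorded when the backup was made
    actual:   name -> (bytes, last-modified datetime) as found in the backup store
    Returns (name, finding) pairs for the report; an empty list means the set verifies.
    """
    findings = []
    for name, want in expected.items():
        if name not in actual:
            findings.append((name, "missing"))
            continue
        data, mtime = actual[name]
        if sha256(data) != want:
            # Content differs from what was written: corruption, tampering or
            # the backup itself having been encrypted by ransomware.
            findings.append((name, "content changed"))
        if now - mtime > max_age:
            findings.append((name, "stale"))
    for name in sorted(actual.keys() - expected.keys()):
        findings.append((name, "unexpected file"))
    return findings


if __name__ == "__main__":
    # Constructed sample: one intact backup, one overwritten, one stray file.
    now = datetime(2021, 6, 1, 8, 0)
    db_dump = b"constructed database dump"
    manifest = {"db.bak": sha256(db_dump), "files.tar": sha256(b"constructed archive")}
    on_disk = {
        "db.bak": (db_dump, now - timedelta(hours=6)),
        "files.tar": (b"constructed overwritten content", now - timedelta(hours=6)),
        "unknown.txt": (b"constructed stray file", now),
    }
    for name, finding in check_backups(manifest, on_disk, now):
        print(f"{name}: {finding}")
```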
Businesses should also install reputable cybersecurity software for an extra layer of defence. This includes vital cybersecurity measures like DNS protection and endpoint protection.
You might feel overwhelmed by pervasive cyberthreats. But you can greatly reduce your chances of falling victim to cybercrime with a layered approach to cybersecurity. You can achieve cyber resilience by adopting security awareness programs, cybersecurity solutions and backup strategies.
Grayson Milbourne has over 15 years of experience directing threat research and engineering industry-leading security solutions to protect against advanced cyber threats. His expertise and interest in understanding today’s most advanced threats and the motives, methods and tactics of modern attackers help inform Webroot’s unique approach to security intelligence and ensure continuous product improvement. Passionate about security product testing and efficacy, Grayson has spoken at leading global security conferences like RSA and enjoys helping individuals and businesses stay informed on all things cybersecurity and cyber resilience.