Business Daily Media

Ransomware isn’t going away, but SMBs can mitigate the associated risks

  • Written by Grayson Milbourne, security intelligence director, OpenText Security Solutions

Rising rates of ransomware increasingly target the education sector, government entities and the healthcare industry. The Webroot 2021 BrightCloud Threat Report dives into the data to show that ruthless and sophisticated ransomware attacks target victims with weak security postures. Small and medium-sized businesses (SMBs) are uniquely at risk, relative to larger enterprises, due to the lack of both financial and human resources.

Ransomware attacks can financially and operationally ruin SMBs. The Webroot Threat Report shows an average ransomware payment of $233,871 in the third quarter of 2020, a significant jump from $6,733 in 2018. Not only is this figure extremely concerning, but ransomware attacks also carry long-term non-monetary consequences, including reputational damage and impact on consumer trust. Those kinds of effects can cause irreparable damage.

So, what exactly is ransomware, and how can you safeguard your business against a potentially business-ending attack?

Ransomware – and its detriment

Ransomware is a type of malware that takes advantage of the fact that businesses need their data to operate. Cybercriminals use ransomware to break into a business’s systems and effectively seal its data away behind a lock. Once a business realizes it can’t access any of its data or systems, it is desperate to get them back. That’s where the ransom part comes in – cybercriminals trade decryption keys to their locks for a ransom.

Ransomware attacks are usually multi-staged and can begin months before cybercriminals deploy ransomware or demand a ransom. During this time, attackers learn a business’s infrastructure to determine what they can get away with and how much ransom they can demand.

Phishing emails are the most common way that ransomware infiltrates a business. First, an employee opens an email and downloads an innocuous-looking Word or Excel attachment. The document then asks the employee to enable macros. Doing so automatically downloads a malware payload that infects the computer and acts as a backdoor to the system for further malware downloads.

According to an IDG eBook researching the current state of phishing, APAC business leaders are most likely to indicate that sensitive data was exposed due to phishing compared to other regional leaders. Furthermore, two thirds of APAC business leaders indicate elevated levels of concern regarding phishing threats.

While there isn’t much room to negotiate once your data is locked away by cybercriminals, taking a preventative approach in your cybersecurity strategy is a necessity for decreasing the chance that your business will be impacted by a ransomware attack.

A preventive approach to safeguarding data

With ransomware so pervasive, a layered approach to cybersecurity is key to mitigating risks for businesses. SMBs achieve cyber resilience by forming and implementing a plan that includes security awareness training, backups and security measures such as endpoint and network protection. No single layer will ever be 100 percent effective at stopping threats, but by using several layers together, you build stronger protection than any single layer. 

One of the most effective layers of protection is user education. Taught to identify suspicious emails, employees can transform into one of your best layers of defence. The best training even keeps them informed about current tactics and scams used by cybercriminals. Businesses that embrace ongoing security awareness training see a 72 percent reduction in users clicking on links in phishing emails, according to the 2021 BrightCloud Threat Report.

The IDG eBook also found that nearly 50 percent of APAC leaders feel their employees are only ‘somewhat’ prepared to combat phishing attempts. However, 44 percent indicated their security training investment increased, with an additional 47 percent revealing their security awareness training is very effective. This shows that businesses know they need to invest in training even if they haven’t yet adopted the right kind.

In addition to user education, businesses can further protect their data by implementing a backup strategy that is regularly tested and reported on. This ensures that if something is amiss, IT administrators can easily identify it.

Businesses should also install reputable cybersecurity software for an extra layer of defence. This includes vital cybersecurity measures like DNS protection and endpoint protection.

You might feel overwhelmed by pervasive cyberthreats. But you can greatly reduce your chances of falling victim to cybercrime with a layered approach to cybersecurity. You can achieve cyber resilience by adopting security awareness programs, cybersecurity solutions and backup strategies.

Grayson Milbourne has over 15 years of experience directing threat research and engineering industry-leading security solutions to protect against advanced cyber threats. His expertise and interest in understanding today’s most advanced threats and the motives, methods and tactics of modern attackers help inform Webroot’s unique approach to security intelligence and ensure continuous product improvement. Passionate about security product testing and efficacy, Grayson has spoken at leading global security conferences like RSA and enjoys helping individuals and businesses stay informed on all things cybersecurity and cyber resilience.
