Business Daily Media

Ransomware isn’t going away, but SMBs can mitigate the associated risks

  • Written by Grayson Milbourne, security intelligence director, OpenText Security Solutions

Rising rates of ransomware increasingly target the education sector, government entities and the healthcare industry. The Webroot 2021 BrightCloud Threat Report dives into the data to show that ruthless and sophisticated ransomware attacks target victims with weak security postures. Small and medium-sized businesses (SMBs) are uniquely at risk, relative to larger enterprises, due to the lack of both financial and human resources.

Ransomware attacks can financially and operationally ruin SMBs. The Webroot Threat Report shows an average ransomware payment of $233,871 in the third quarter of 2020, a significant jump from $6,733 in 2018. Not only is this figure extremely concerning, but the long-term non-monetary consequences resulting from ransomware attacks include reputational damage and impact on consumer trust. Those kinds of effects can cause irreparable damage.

So, what exactly is ransomware, and how can you safeguard your business against a potentially business-ending attack?

Ransomware – and its detriment

Ransomware is a type of malware that takes advantage of the fact that businesses need their data to operate. Cybercriminals use ransomware to break into a business’s systems and effectively seal it away behind a lock. Once a business realizes they can’t access any of their data or systems, they’re desperate to get them back. That’s where the ransom part comes in – cybercriminals trade decryption keys to their locks for a ransom.

Ransomware attacks are usually multi-staged and can begin months before cybercriminals deploy ransomware or demand a ransom. During this time, attackers learn a business’s infrastructure to determine what they can get away with and how much ransom they can demand.

Phishing emails are the most common way that ransomware infiltrates a business. First, an employee opens an email and downloads a seemingly innocuous Word or Excel attachment. The document then asks the employee to enable macros. Doing so automatically downloads a malware payload that infects the computer and acts as a backdoor to the system for further malware downloads.
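As an added illustration that is not part of the original article, the following sketch shows how a mail filter could flag the macro-bearing Word or Excel attachments described above by inspecting file contents rather than trusting the file name. The sample message, addresses and helper names are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'clean' for one attachment body."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry macros; this sketch does not parse them.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "clean"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Modern Office files are ZIP archives; VBA code lives in vbaProject.bin.
        names = [n.lower() for n in zf.namelist()]
    return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "clean"

def risky_attachments(raw_email: bytes) -> dict:
    """Map attachment filename -> verdict for every attachment not 'clean'."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "clean":
            verdicts[part.get_filename() or "(unnamed)"] = verdict
    return verdicts

def _office_zip(parts: dict) -> bytes:
    """Build a minimal ZIP container standing in for an Office document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed message: one attachment with a VBA part, one without."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.test", "staff@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please enable content to view the invoice.")
    with_macro = _office_zip({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": b"\x00"})
    without = _office_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"})
    for name, body in (("invoice.docm", with_macro), ("notes.docx", without)):
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample_email()))
```

A filter built this way can quarantine or strip flagged attachments before they reach an inbox, which backs up user training with a technical control.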

According to an IDG eBook researching the current state of phishing, APAC business leaders are most likely to indicate that sensitive data was exposed due to phishing compared to other regional leaders. Furthermore, two thirds of APAC business leaders indicate elevated levels of concern regarding phishing threats.

While there isn’t much room to negotiate once your data is locked away by cybercriminals, taking a preventative approach in your cybersecurity strategy is a necessity for decreasing the chance that your business will be impacted by a ransomware attack.

A preventive approach to safeguarding data

With ransomware so pervasive, a layered approach to cybersecurity is key to mitigating risks for businesses. SMBs achieve cyber resilience by forming and implementing a plan that includes security awareness training, backups and security measures such as endpoint and network protection. No single layer will ever be 100 percent effective at stopping threats, but by using several layers together, you build stronger protection than any single layer. 

One of the most effective layers of protection is user education. Taught to identify suspicious emails, employees can transform into one of your best layers of defence. The best training even keeps them informed about current tactics and scams used by cybercriminals. Businesses that embrace ongoing security awareness training see a 72 percent reduction in users clicking on links in phishing emails, according to the 2021 BrightCloud Threat Report.

The IDG eBook also found that nearly 50 percent of APAC leaders feel their employees are only ‘somewhat’ prepared to combat phishing attempts. However, 44 percent indicated their security training investment increased, with an additional 47 percent revealing their security awareness training is very effective. This shows that businesses know they need to invest in training even if they haven’t yet adopted the right kind.

In addition to user education, businesses can further protect their data by implementing a backup strategy that is regularly tested and reported on. This ensures that if something is amiss, IT administrators can easily identify it.

Businesses should also install reputable cybersecurity software for an extra layer of defence. This includes vital cybersecurity measures like DNS protection and endpoint protection.

You might feel overwhelmed by pervasive cyberthreats. But you can greatly mitigate your chances of falling victim to cybercrime with a layered approach to cybersecurity. You can achieve cyber resilience by adopting security awareness programs, cybersecurity solutions and backup strategies.

Grayson Milbourne has over 15 years of experience directing threat research and engineering industry-leading security solutions to protect against advanced cyber threats. His expertise and interest in understanding today’s most advanced threats and the motives, methods and tactics of modern attackers help inform Webroot’s unique approach to security intelligence and ensure continuous product improvement. Passionate about security product testing and efficacy, Grayson has spoken at leading global security conferences like RSA and enjoys helping individuals and businesses stay informed on all things cybersecurity and cyber resilience.
