Ransomware – How Some Affected Mid-Market Companies Still Don’t Understand Best Practice
Modern mid-market companies face a host of IT security challenges. One of the most pressing is ransomware attacks.
Newsweek reports that the number of mobile ransomware incidents have increased more than 250 percent during the first quarter of 2017. That’s a dramatic surge and shows just how serious of an issue it has become.
In terms of financial damages, they’re off the charts. In fact, ChannelE2E explains that businesses shelled out $301 million to ransomware attackers in 2016. When you consider the costs that result from downtime and data loss, it can be much more.
It’s a serious problem and a definite cause for concern for mid-market companies who may lack a formal IT security team like many larger organisations have.
A New Reality
CNN Tech references a study by Osterman Research and reports that roughly 22 percent of businesses with less than 1,000 employees were hit with a ransomware attack within the last year. All of these organisations were forced to stop operations immediately, which in turn led to downtime.
Among the companies who were affected, one in six experienced at least 25 hours of downtime. The average costs associated with this equalled over $100,000 per incident.
Of course, this doesn’t take into account the potential for additional government fines for data breaches. There are some stiff penalties for that as well. Not to mention the long-term loss a company can suffer when its brand equity inevitably plummets due to negative press.
The bottom line here is that modern mid-market companies are under siege. With nearly a quarter encountering some form of ransomware attack, it’s definitely something you want to be prepared for and know how to protect your business against.
But here’s the amazing thing. There are a sizable portion of mid-market companies who have been affected but still don’t have a firm grasp on what is considered best practice.
Maybe they suffered an attack and paid the ransom via bitcoin (a common form of digital currency used by cyber criminals to collect money). Or maybe they were unable to recover critical files and had to start all over.
Whatever the case, it’s foolish to not take serious preventative measures. After all, if your company was hit once, it could definitely be hit again.
Failure to understand best practice and implement proper procedures is putting your organisation at unnecessary risk, and it’s only a matter of time before another ransomware attack occurs.
What’s Best Practice?
This begs the question. What exactly should your organisation do to protect yourself from these nefarious attacks?
Although there is no be-all and end-all solution that’s fully comprehensive, there are several actions you can take to mitigate your risk. And even in a worst-case scenario where you do encounter a ransomware attack, you’ll at least have a game plan you can execute to reduce downtime and get operations back on track.
With that being said, here are some specific measures you should take.
This is pound-for-pound the most effective way to protect your data and prevent a lot of unnecessary complications from happening. Even if a cyber criminal encrypts your data, you can still usually access it by creating system backups. It’s simply a matter of file recovery.
But here’s the thing. It’s not always sufficient to use traditional system restore points because sophisticated hackers will often encrypt data on those files as well as on shadow copies. In this type of scenario, it won’t do you any good and your data will still be inaccessible.
Ideally, you’ll take a more diversified approach. For instance, you may want to have one copy stored in the cloud and another copy on a separate system outside of your network (e.g. an external hard drive).
This provides you with an effective failover and greatly increases the odds of restoring your files if you experience a ransomware attack. Also, be sure that you’re updating those backups regularly.
Some applications will do this automatically to ensure that you’re always up-to-date. There are also business continuity as a service (BCaaS) providers that can take care of this for you.
Out-of-date software and applications can create vulnerabilities and leave your organisation susceptible to attack. This is why it’s a good idea to go through with recommendations for software updates.
Or if possible, set computers to automatically perform updates for you. Staying on top of this can heighten security considerably.
Multiple studies have found that the primary reason behind malware and data breaches is employee carelessness. In fact, TechRepublic explains that negligent employees are the biggest cause for these issues at small and mid-market companies.
More specifically, 54 percent of IT professionals reported that careless employees were the number one reason for cyber security incidents. So in theory, your employees are actually your organisation’s biggest threat.
It’s important to remember that ransomware often makes initial entry through email attachments, questionable links and downloads. When employees lack proper education, it’s all too easy for them to be duped into opening the wrong email attachment, clicking on a malicious link or downloading an infected file.
Providing your employees with adequate education is essential in this day and age. Some specific topics to cover include:
- Creating secure passwords and routinely changing them
- Identifying suspect emails, links, files, etc.
- Protecting their mobile devices (portability makes them easy to steal)
- Being careful about the information they share through email, social media, etc.
- How to recognise an attack
- Speaking up whenever they spot a red flag
There’s also the issue of user privilege. The easier it is to gain access to your network and the larger the number of system administrator accounts there are, the more likely your company is to encounter a ransomware attack.
It’s important to note that some types of ransomware require a system administrator account in order to carry out their deeds. By minimising the number of user accounts, you can effectively reduce the attack surface and create an additional obstacle.
For this reason, you’ll want to be selective about who you grant access to. Be sure that those individuals can be trusted, and don’t create any more accounts than you have to.
Handling a Ransomware Attack
Finally, it’s crucial to have a plan of an action in the event of a worst-case scenario. Although it’s not a pleasant topic to think about, knowing what you’ll do ahead of time should mitigate any damages if you do in fact experience an attack.
Here are some measures you can take that should increase the odds of a positive outcome:
- Take a snapshot of your organisation’s system memory if possible. This can be helpful for identifying the path in which a cyber criminal gained access and potentially aid in decrypting your data.
- Shut your system down as soon as you know that it’s been compromised/and or infected. This should stop ransomware from spreading and creating any further damage.
- Try to pinpoint where the attack came from (e.g. maybe it came through a particular email)
- Restrict access to your network
- In some cases you may also want to alert authorities so they can perform a criminal investigation. This just depends on the severity and magnitude of the situation.
With any luck, taking these steps along with restoring data through a system backup will allow you to access your network once more. This leaves just one last topic to discuss.
Should I Pay a Ransom?
Let’s say that even after backing up your system and following proper protocol, you’re still unable to decrypt your data. Should you acquiesce and pay the ransom a cyber criminal is demanding?
Most experts would agree that this is generally a bad idea. Besides the ethical implications of paying criminals, there’s simply no guarantee that you’ll actually recover your data. The Guardian even references a statistic that says one in three companies who pay a ransom never actually recover their files.
Even if you do decrypt this data, your organisation is likely to be hit again in the future because cyber criminals know that you’re willing to pay. It’s a serious quandary.
Again, this is why it’s so important to understand best practice and take a proactive approach rather than being reactive.
A Growing Problem
Considering the rising number of ransomware incidents that are occurring, this is unfortunately an issue that’s here to stay. The widespread cyberattack called “WannaCry” from earlier in 2017 is a testament to this.
CNET reports that this devastating ransomware attacked affected more than 200,000 computers across 150 countries and targeted a variety of industries.
If you’ve ever encountered this type of attack, understanding best practice is imperative. Or if you’re fortunate enough to have stayed clear thus far, you’ll still want to become familiar with preventative techniques and ensure that your company adopts a security-centric culture.
Do you feel like your company is prepared for a ransomware attack? Please share your thoughts: