Preparing for Ransomware Attacks
It seems like ransomware attacks have been continually in the news for the last several years. While we may be inundated with media reports of ransomware attacks targeting critical U.S. infrastructure or government agencies, the fact is that businesses large and small are also being targeted with such attacks daily.
Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to research and analyst firm IDC’s “2021 Ransomware Study. TechTarget further reports that the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021, which represents a 62% year-over-year increase.
These attacks are incredibly damaging because they often can cripple a business until the ransom is paid. When ransomware is downloaded onto a device and goes on to infect a businesses’ systems it scrambles or even deletes critical data. This leaves businesses in a no-win situation: they either suffer financial loss paying the ransom or face severe damage to critical infrastructure.
Why SMEs?
Many might assume these attacks target only large, global businesses. Small and medium-sized enterprises may assume they are off the radar of the ransomware attacker. However, this could not be further from the truth. While it’s true that ransomware groups often attack large enterprises because of the potential profit involved, they also know these attacks will be harder as large businesses will have more robust cybersecurity defenses in place.
That may be why ransomware attacks against smaller organizations are on the rise. Ransomware groups know these victims may not be able to pay as much, but they will also have an easier time successfully pulling off the attack. This is simply an issue that cannot be ignored.
Then What Should Smaller Organizations Do?
Step 1
The first step is to make sure employees are trained to be aware of the latest ransomware threats. Many large enterprises conduct regular cybersecurity training with personnel, but even small businesses should do this as well. For example, make sure all employees are trained to spot email (or text) phishing attacks. Successful ransomware attacks often start with successful phishing attempts, where attackers then gain access to critical infrastructure. Businesses should also conduct an audit of the entire organization to determine the level of security in place today. Ensure there is a cybersecurity “chain of command” so to speak and put someone specifically in charge of security. Communications plans should be created for a worst-case scenario, and everyone involved should know what steps to take next if an attack occurs.
Step 2
The next step is to ensure that the most effective defenses are in place to protect the most critical business assets. High priority assets should receive a special focus. Ensure all software is updated and all apps are patched to fix potential security flaws. Relying on out-of-date software is an invitation for successful ransomware attacks.
Make sure every firewall is properly maintained and up to date. Conducting regular vulnerability audits and ensuring that they are identified and addressed means that it will be much harder for ransomware attacks to penetrate your critical systems. There is no substitute for being proactive.
Robust threat detection is also a critical aspect to staying safe from ransomware attacks. Cybercriminals have become more sophisticated and continue to evolve their tactics and tricks every day. Potential threats must be detected as early as possible to mitigate negative consequences. Since much ransomware is delivered through email, using phishing tactics, email security is crucial. This includes using a platform to monitor the ins and outs of email flow, including scanning attachments and URLs, both as they are incoming as well as post-delivery. Once a credible threat is detected, a plan of action must be formed between business leadership, security and legal as well as the appropriate authorities.
Step 3
This last part is very important. Reporting to the proper authorities should always be done, even if you think the ransomware attempt has been stopped and no damage has been done. This helps authorities monitor and track these types of attacks and hopefully prevent them in the future. The Cybersecurity & Infrastructure Security Agency (CISA), the nation’s cyber defense center has an online tool to report incidents. The FBI and Secret Service are other agencies that monitor and fight cyberattacks.
Ransomware Attacks are Real Risks
It seems like ransomware attacks are near the bottom of the list of concerns for many SMEs. But all businesses, no matter the size, are a potential target. With the right preparation, plans, and technology in place, however, businesses can be sure they are well protected against these devastating attacks.