The time for half-measures and paying exorbitant ransomware demands must come to an end. Cybercriminals continue to attack honest, hard-working business professionals at breakneck speed, and their financial demands are unsustainable. Even a cursory review of the ransomware wreckage of recent years shows that small, mid-sized, and large corporations must stand their ground in 2021.
- The average ransomware-driven downtime rose by 200 percent year-over-year.
- The average cost of an attack on a business stands at $133,000.
- The annual cost of ransomware skyrocketed from $8 billion in 2016 to $20 billion in 2020.
Although IT insiders see plenty of trending headlines about multi-million-dollar ransom demands and payoffs, the facts are that approximately 20 percent of small and mid-sized organizations fall victim. Hackers deploying malicious software represent an existential threat to an MSP’s clients. That’s why IT and cybersecurity experts are weighing in on how to prevent incursions and survive ransomware attacks.
How to Address a Ransomware Attack from the Beginning?
Managed IT professionals largely agree that frontline employees represent a tipping point. In many cases, a blend of electronic messaging and trickery will trap an unsuspecting worker and penetrate a network.
“The average hacker automates their payloads and will bank on a moment of weakness, not from the technical side, but the human side,” Ian Hansen, of Philantech3, reportedly said. “If teams are well-trained on these entry points, then their organization stands a much greater chance of avoiding a ransomware attack.”
Mike Shelah, of Advantage Industries, echoes Hansen’s point that cybercriminals are likely to stick with tried-and-true methods such as exploiting employee weaknesses. With year-over-year theft rates increasing by billions, these standard practices will almost certainly linger through 2021. Shelah advises businesses to avoid becoming the low-hanging fruit by implementing the following defenses.
- Use multifactor authentication on every device and for every program available.
- Conduct regular cybersecurity training to educate your staff.
- Identify staff who skip the cybersecurity test, fail it, or post a low score, and require extra training for them, as they are now the highest security risk in your company.
- Make sure your backup is redundant and managed by a third party with expertise in configuration and retrieval.
Shelah makes valid points across the board. Too many small and mid-sized operations gamble on cybersecurity. Upstarts or organizations on shoestring budgets tend to weigh the cost of strategic deterrents against the odds of an attack. The ransomware data indicates this will eventually be a losing bet. Ian Brady, of Steadfast Solutions, points out that the transition to increased remote workforces puts businesses in a compromised position. Work-from-home policies must be implemented yesterday to ensure survival.
“Completely isolate the employee’s home environment from the corporate network. Virtual desktops are important with no means to drag any data from home computers to the virtual desktop,” Brady reportedly said. “Use mobile device management to ensure any connected BYOD device has the corporate data encapsulated.”
Brady brushes against one of the salient issues cybersecurity experts consider every day. Shifting workforces, emerging technologies, and newly-conceived hacking threats can turn ransomware into a cat-and-mouse game. Cybersecurity experts are tasked with understanding how malicious software has evolved to predict the next steps.
How have Ransomware Attacks Changed?
The pandemic not only threatened the lives of people in every community. It also created a watershed cybersecurity event. Ransomware attackers shifted much of their focus away from office-based networks and began exploring home-office vulnerabilities. The number of people who worked from home 5 days per week surged from 17 percent before the pandemic to 44 percent. A reimagined business landscape changed everything.
“Many people are also balancing working from home with their children attending school from home. These distractions are also causing employees to miss important indicators of malicious email activity and fall for phishing attempts at a higher rate than previously,” Demetrius Cassidy, of In The Cloud Technologies, reportedly said. “People no longer have the benefit of the enterprise security tools that are available only in the office. This includes, of course, the company firewall, but also things like group policies, remediation and detection scripts, on-premises security, and anti-virus definitions.”
Cassidy points out that a dire need to correct deficiencies exists. These include issues such as “split-tunneling, which allows people to browse the internet without going through the company VPN in favor of web browsing performance.” He also notes that allowing employees to access business data from coffee shops and other unsecured Wi-Fi sources opens a veritable Pandora’s Box of threats.
Cybersecurity experts typically agree that prevention and training improvements are needed. The IT sector appears to be bloated with course offerings that seem to check the right boxes. Standardized cybersecurity awareness training can be a lot like getting a lower homeowners insurance premium for installing a smoke detector in the kitchen. After it goes off once or twice while cooking, you remove the battery and forget all about it.
“When requiring people to get a passing score, they tend to memorize answers and not content. Those employees are busy and want to get back to what matters to them — their jobs. So, they will do the minimum requirement and commit to short-term memory and move on,” Cassidy reportedly said. “Care. Care is what is missing from this training. Do you want your people to care about security? If so, you need to stop using scare tactics and imposing statistics and show them why security matters.”
Should Companies Pay the Ransom?
Paying a ransom can be a slippery slope that leads to further extortion. A hacker’s promise to deliver a restoration code can prove hollow. Even when attackers follow through after the cryptocurrency payment is made, copies of the stolen data may still be sold on the dark web.
“I can say that even if you pay the ransom and you get your files back, they likely are going to be damaged,” Nick Allo, of SemTech IT Solutions, reportedly said.
On the other hand, we’re all told by government officials to “never negotiate” with these digital terrorists. But we know from experience that officials routinely say one thing and do the precise opposite. That tells us that unless organizations are prepared, they may be forced to pay without any real assurance of getting their digital assets back.
“Paying the ransom is the last line when no recovery is available,” Brady reportedly said. “Backups must be replicated offsite and files encrypted. There also must be restore points so you can go back before the attack.”
Without a viable fallback position, industry leaders may have no choice but to pay higher ransoms in 2021 and cross their fingers. Organizations can either train their people and harden their defenses, or follow this advice.
“If you do not have full cyber insurance for your business, change that immediately,” Shelah reportedly said.