Ransomware Rundown: What Businesses Need to Know -- Security Today

Ransomware Rundown: What Businesses Need to Know

By Brett Hansen
Mar 09, 2017

Today as the cybersecurity landscape continues to evolve at breakneck speed, so do the threats, and the amount of data we have sitting with the different organizations we deal with is growing each day. At this point, we all need to be aware of cybersecurity and the steps we need to take to safeguard ourselves and our most important information because there is no silver bullet for cybersecurity: the best line of defense is to educate ourselves.

Enter: ransomware. Five years ago when we talked about cyber-attacks, it’s likely we were talking about banking trojans that would steal your passwords and credit card numbers than anything else. Today, if your mobile or desktop computer becomes infected, what gets installed is most likely ransomware. Ransomware locks up endpoints – computers or mobile devices – and encrypts files to hold them hostage until an individual or organization pays a fee to the cybercriminals responsible for the attack. According to the Department of Justice, 4,000 ransomware attacks happen daily, which adds up to nearly 455 billion attacks a year, millions of dollars on the line and numerous amounts of your data that could potentially be jeopardized.

With that amount of money on the line, it’s very clear that ransomware is a problem for everyone, not just large organizations. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2017 and overall, 29% of all people have faced online threats. 70 percent of all attacks target companies with fewer than 5,000 people. Furthermore, 60 percent of SMBs that are targeted go out of business within six months of the attack. Why is this important to know? Because data is a lifeline for these businesses – and a lot of that data is actually yours. Protecting it should become a priority. As an IT industry, it is our job to help all businesses and consumers alike realize that legacy security solutions in use for the last decade just aren’t working any longer.

Ransomware is now so pervasive, it has become everyone’s problem: it attacks businesses indiscriminately, and it isn’t created to attack any specific industry above others. However, a key reason for the increased success rate of ransomware attacks in select industries such as finance and healthcare, can more readily be tied to the number of users who require regular access to confidential information, and the cyber-literacy of these employees. The onus is now on both businesses and employees to make security a priority.

In sectors where a high number of employees require access to this data regularly, such as health care providers requiring patient information, there are more opportunities for a ransomware attack, and opportunities often mean a higher success rate. Another reason these attacks are successful is because they target users who are traditionally more vulnerable to cyberattacks – be it smaller businesses without dedicated IT resources, individual employees who aren’t adequately protected or educated against malware execution, or organizations where data is of paramount importance.

That said, all data isn’t created equal. The most common types of data to be affected by a ransomware attack are employee, patient or customer information, as well as financial data. Attackers are also targeting data around infrastructure systems. For example, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency in November 2016. The incident did not affect the transit service, but the agency had to open the gates and provide free transport to passengers to minimize customer impact for 1 day. A month later, the Los Angeles Valley College paid $28,000 to have their data restored after a ransomware attack disrupted email, voice mail and computer systems at the public community college.

The future of ransomware attacks is directly tied to the future of where data will travel as employees become more and more mobile, and the areas of our lives where it will have more control. The advent of the Internet of Things and constant connectivity means that data will be pivotal to more areas of our corporate and personal lives. As data becomes more vital, the ransoms placed will be proportionate to the value of that data. Not only does this mean more opportunities for data to be held hostage, but it potentially raises the dollar value we are willing to pay for recovery. Estimates from the FBI put ransomware on pace to be a $1 billion source of income for cyber criminals this year.

To better prevent against ransomware attacks, it is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:

Ensure solutions are in place to protect both the devices that access data and the critical data itself. Prioritize protecting the most valuable assets to your company and build your security strategy from there.
Educate employees about their role in privacy and security, as well as the importance of respecting and protecting key data.
Encourage employees to think before they act. Employees should be wary of communications that implore them to act immediately, offer something that sounds too good to be true or ask for personal information.
Employees should fortify login accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Usernames and passwords are not enough to protect key accounts like email, banking and social media.
Make sure the security solutions you have in place are not outdated and are consistently updated.
Regularly back up critical data in a secure manner so that data isn’t lost if a breach occurs.

With Data Privacy Day just behind us, it’s a great time to learn about the different ways in which individuals and organizations can stay safe. Prevention is the best cure and oftentimes education is the first line of defense to keep your company and customer data secure. For more information and resources regarding what you can do to protect yourself and your business from ransomware and other threats, please see the National Cyber Security Alliance’s business resources and Dell’s Security Solutions.

Featured

66 Percent of Cybersecurity Pros Say Job Stress is Growing

Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now
- Cybersecurity
Live from GSX 2024: Post-Show Recap

Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now
- Industry Events
- GSX
Research: Cybersecurity Success Hinges on Full Organizational Support

Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now
- Cybersecurity
Live from GSX 2024: Day 3 Recap

And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now
- Industry Events
- GSX

Webinars

Push-to-Talk over Cellular – The NEXT Revolution
Napco Access Pro, Eagle Eye Networks Inc, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365

Whitepapers

Securitas Technology

Optimizing Security and Business Performance
American Funding Solutions

Securing Cash Flow: How Invoice Factoring Helps Security Companies Grow
Arcules

Physical security shift happens

New Products

Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

Ransomware Rundown: What Businesses Need to Know

Securitas Joins AI Pact for Responsible AI Use

16,000 Registrants from 86 Nations Participate in GSX 2024

Security Industry Association Announces Winners for the 2024 James Rothstein Business Scholarship

PureTech Systems Inc. Awarded Major Command and Control Contract by U.S. Government to Enhance National Security

Local Law Enforcement Heroes Honored at a Challenge Coin Ceremony Hosted by 3Si at GSX 2024

IDIS Americas Releases AI-Powered, License-Free VMS

Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads