Ransomware Rundown: What Businesses Need to Know

Ransomware Rundown: What Businesses Need to Know

  • By Brett Hansen
  • Mar 09, 2017

Today as the cybersecurity landscape continues to evolve at breakneck speed, so do the threats, and the amount of data we have sitting with the different organizations we deal with is growing each day. At this point, we all need to be aware of cybersecurity and the steps we need to take to safeguard ourselves and our most important information because there is no silver bullet for cybersecurity: the best line of defense is to educate ourselves.

Enter: ransomware. Five years ago when we talked about cyber-attacks, it’s likely we were talking about banking trojans that would steal your passwords and credit card numbers than anything else. Today, if your mobile or desktop computer becomes infected, what gets installed is most likely ransomware. Ransomware locks up endpoints – computers or mobile devices – and encrypts files to hold them hostage until an individual or organization pays a fee to the cybercriminals responsible for the attack. According to the Department of Justice, 4,000 ransomware attacks happen daily, which adds up to nearly 455 billion attacks a year, millions of dollars on the line and numerous amounts of your data that could potentially be jeopardized.

With that amount of money on the line, it’s very clear that ransomware is a problem for everyone, not just large organizations. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2017 and overall, 29% of all people have faced online threats. 70 percent of all attacks target companies with fewer than 5,000 people. Furthermore, 60 percent of SMBs that are targeted go out of business within six months of the attack. Why is this important to know? Because data is a lifeline for these businesses – and a lot of that data is actually yours. Protecting it should become a priority. As an IT industry, it is our job to help all businesses and consumers alike realize that legacy security solutions in use for the last decade just aren’t working any longer.

Ransomware is now so pervasive, it has become everyone’s problem: it attacks businesses indiscriminately, and it isn’t created to attack any specific industry above others. However, a key reason for the increased success rate of ransomware attacks in select industries such as finance and healthcare, can more readily be tied to the number of users who require regular access to confidential information, and the cyber-literacy of these employees. The onus is now on both businesses and employees to make security a priority.

In sectors where a high number of employees require access to this data regularly, such as health care providers requiring patient information, there are more opportunities for a ransomware attack, and opportunities often mean a higher success rate. Another reason these attacks are successful is because they target users who are traditionally more vulnerable to cyberattacks – be it smaller businesses without dedicated IT resources, individual employees who aren’t adequately protected or educated against malware execution, or organizations where data is of paramount importance.

That said, all data isn’t created equal. The most common types of data to be affected by a ransomware attack are employee, patient or customer information, as well as financial data. Attackers are also targeting data around infrastructure systems. For example, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency in November 2016. The incident did not affect the transit service, but the agency had to open the gates and provide free transport to passengers to minimize customer impact for 1 day. A month later, the Los Angeles Valley College paid $28,000 to have their data restored after a ransomware attack disrupted email, voice mail and computer systems at the public community college.

The future of ransomware attacks is directly tied to the future of where data will travel as employees become more and more mobile, and the areas of our lives where it will have more control. The advent of the Internet of Things and constant connectivity means that data will be pivotal to more areas of our corporate and personal lives. As data becomes more vital, the ransoms placed will be proportionate to the value of that data. Not only does this mean more opportunities for data to be held hostage, but it potentially raises the dollar value we are willing to pay for recovery. Estimates from the FBI put ransomware on pace to be a $1 billion source of income for cyber criminals this year.

To better prevent against ransomware attacks, it is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:

  • Ensure solutions are in place to protect both the devices that access data and the critical data itself.  Prioritize protecting the most valuable assets to your company and build your security strategy from there.
  • Educate employees about their role in privacy and security, as well as the importance of respecting and protecting key data.
  • Encourage employees to think before they act. Employees should be wary of communications that implore them to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Employees should fortify login accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Make sure the security solutions you have in place are not outdated and are consistently updated.
  • Regularly back up critical data in a secure manner so that data isn’t lost if a breach occurs.

With Data Privacy Day just behind us, it’s a great time to learn about the different ways in which individuals and organizations can stay safe.  Prevention is the best cure and oftentimes education is the first line of defense to keep your company and customer data secure. For more information and resources regarding what you can do to protect yourself and your business from ransomware and other threats, please see the National Cyber Security Alliance’s business resources and Dell’s Security Solutions.

Featured

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

  • Security Industry Association Announces the 2026 Security Megatrends

    The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities