Ransomware Rundown: What Businesses Need to Know -- Security Today

Ransomware Rundown: What Businesses Need to Know

By Brett Hansen
Mar 09, 2017

Today as the cybersecurity landscape continues to evolve at breakneck speed, so do the threats, and the amount of data we have sitting with the different organizations we deal with is growing each day. At this point, we all need to be aware of cybersecurity and the steps we need to take to safeguard ourselves and our most important information because there is no silver bullet for cybersecurity: the best line of defense is to educate ourselves.

Enter: ransomware. Five years ago when we talked about cyber-attacks, it’s likely we were talking about banking trojans that would steal your passwords and credit card numbers than anything else. Today, if your mobile or desktop computer becomes infected, what gets installed is most likely ransomware. Ransomware locks up endpoints – computers or mobile devices – and encrypts files to hold them hostage until an individual or organization pays a fee to the cybercriminals responsible for the attack. According to the Department of Justice, 4,000 ransomware attacks happen daily, which adds up to nearly 455 billion attacks a year, millions of dollars on the line and numerous amounts of your data that could potentially be jeopardized.

With that amount of money on the line, it’s very clear that ransomware is a problem for everyone, not just large organizations. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2017 and overall, 29% of all people have faced online threats. 70 percent of all attacks target companies with fewer than 5,000 people. Furthermore, 60 percent of SMBs that are targeted go out of business within six months of the attack. Why is this important to know? Because data is a lifeline for these businesses – and a lot of that data is actually yours. Protecting it should become a priority. As an IT industry, it is our job to help all businesses and consumers alike realize that legacy security solutions in use for the last decade just aren’t working any longer.

Ransomware is now so pervasive, it has become everyone’s problem: it attacks businesses indiscriminately, and it isn’t created to attack any specific industry above others. However, a key reason for the increased success rate of ransomware attacks in select industries such as finance and healthcare, can more readily be tied to the number of users who require regular access to confidential information, and the cyber-literacy of these employees. The onus is now on both businesses and employees to make security a priority.

In sectors where a high number of employees require access to this data regularly, such as health care providers requiring patient information, there are more opportunities for a ransomware attack, and opportunities often mean a higher success rate. Another reason these attacks are successful is because they target users who are traditionally more vulnerable to cyberattacks – be it smaller businesses without dedicated IT resources, individual employees who aren’t adequately protected or educated against malware execution, or organizations where data is of paramount importance.

That said, all data isn’t created equal. The most common types of data to be affected by a ransomware attack are employee, patient or customer information, as well as financial data. Attackers are also targeting data around infrastructure systems. For example, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency in November 2016. The incident did not affect the transit service, but the agency had to open the gates and provide free transport to passengers to minimize customer impact for 1 day. A month later, the Los Angeles Valley College paid $28,000 to have their data restored after a ransomware attack disrupted email, voice mail and computer systems at the public community college.

The future of ransomware attacks is directly tied to the future of where data will travel as employees become more and more mobile, and the areas of our lives where it will have more control. The advent of the Internet of Things and constant connectivity means that data will be pivotal to more areas of our corporate and personal lives. As data becomes more vital, the ransoms placed will be proportionate to the value of that data. Not only does this mean more opportunities for data to be held hostage, but it potentially raises the dollar value we are willing to pay for recovery. Estimates from the FBI put ransomware on pace to be a $1 billion source of income for cyber criminals this year.

To better prevent against ransomware attacks, it is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:

Ensure solutions are in place to protect both the devices that access data and the critical data itself. Prioritize protecting the most valuable assets to your company and build your security strategy from there.
Educate employees about their role in privacy and security, as well as the importance of respecting and protecting key data.
Encourage employees to think before they act. Employees should be wary of communications that implore them to act immediately, offer something that sounds too good to be true or ask for personal information.
Employees should fortify login accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Usernames and passwords are not enough to protect key accounts like email, banking and social media.
Make sure the security solutions you have in place are not outdated and are consistently updated.
Regularly back up critical data in a secure manner so that data isn’t lost if a breach occurs.

With Data Privacy Day just behind us, it’s a great time to learn about the different ways in which individuals and organizations can stay safe. Prevention is the best cure and oftentimes education is the first line of defense to keep your company and customer data secure. For more information and resources regarding what you can do to protect yourself and your business from ransomware and other threats, please see the National Cyber Security Alliance’s business resources and Dell’s Security Solutions.

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West
Live From ISC West 2024: Post-Show Recap

ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now
- Industry Events
- ISC West
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

Ransomware Rundown: What Businesses Need to Know

ISC West 2024 Welcomed More Than 29,000 Attendees

Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution

Allegion US Features Interoperability, Mobile Credentials and More at ISC West

Altronix Showcases Products to Protect Critical Infrastructure at ISC West

Axis Communications Launches Axis Cloud Connect at ISC West 2024

Genetec Security Center SaaS Supports Direct-to-Cloud Workflows With Axis, Bosch, Hanwha, and i-PRO Devices

ASSA ABLOY Introduces Centrios, a New Access Control Brand for Small Businesses