Ransomware Rundown: What Businesses Need to Know

Ransomware Rundown: What Businesses Need to Know

  • By Brett Hansen
  • Mar 09, 2017

Today as the cybersecurity landscape continues to evolve at breakneck speed, so do the threats, and the amount of data we have sitting with the different organizations we deal with is growing each day. At this point, we all need to be aware of cybersecurity and the steps we need to take to safeguard ourselves and our most important information because there is no silver bullet for cybersecurity: the best line of defense is to educate ourselves.

Enter: ransomware. Five years ago when we talked about cyber-attacks, it’s likely we were talking about banking trojans that would steal your passwords and credit card numbers than anything else. Today, if your mobile or desktop computer becomes infected, what gets installed is most likely ransomware. Ransomware locks up endpoints – computers or mobile devices – and encrypts files to hold them hostage until an individual or organization pays a fee to the cybercriminals responsible for the attack. According to the Department of Justice, 4,000 ransomware attacks happen daily, which adds up to nearly 455 billion attacks a year, millions of dollars on the line and numerous amounts of your data that could potentially be jeopardized.

With that amount of money on the line, it’s very clear that ransomware is a problem for everyone, not just large organizations. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2017 and overall, 29% of all people have faced online threats. 70 percent of all attacks target companies with fewer than 5,000 people. Furthermore, 60 percent of SMBs that are targeted go out of business within six months of the attack. Why is this important to know? Because data is a lifeline for these businesses – and a lot of that data is actually yours. Protecting it should become a priority. As an IT industry, it is our job to help all businesses and consumers alike realize that legacy security solutions in use for the last decade just aren’t working any longer.

Ransomware is now so pervasive, it has become everyone’s problem: it attacks businesses indiscriminately, and it isn’t created to attack any specific industry above others. However, a key reason for the increased success rate of ransomware attacks in select industries such as finance and healthcare, can more readily be tied to the number of users who require regular access to confidential information, and the cyber-literacy of these employees. The onus is now on both businesses and employees to make security a priority.

In sectors where a high number of employees require access to this data regularly, such as health care providers requiring patient information, there are more opportunities for a ransomware attack, and opportunities often mean a higher success rate. Another reason these attacks are successful is because they target users who are traditionally more vulnerable to cyberattacks – be it smaller businesses without dedicated IT resources, individual employees who aren’t adequately protected or educated against malware execution, or organizations where data is of paramount importance.

That said, all data isn’t created equal. The most common types of data to be affected by a ransomware attack are employee, patient or customer information, as well as financial data. Attackers are also targeting data around infrastructure systems. For example, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency in November 2016. The incident did not affect the transit service, but the agency had to open the gates and provide free transport to passengers to minimize customer impact for 1 day. A month later, the Los Angeles Valley College paid $28,000 to have their data restored after a ransomware attack disrupted email, voice mail and computer systems at the public community college.

The future of ransomware attacks is directly tied to the future of where data will travel as employees become more and more mobile, and the areas of our lives where it will have more control. The advent of the Internet of Things and constant connectivity means that data will be pivotal to more areas of our corporate and personal lives. As data becomes more vital, the ransoms placed will be proportionate to the value of that data. Not only does this mean more opportunities for data to be held hostage, but it potentially raises the dollar value we are willing to pay for recovery. Estimates from the FBI put ransomware on pace to be a $1 billion source of income for cyber criminals this year.

To better prevent against ransomware attacks, it is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:

  • Ensure solutions are in place to protect both the devices that access data and the critical data itself.  Prioritize protecting the most valuable assets to your company and build your security strategy from there.
  • Educate employees about their role in privacy and security, as well as the importance of respecting and protecting key data.
  • Encourage employees to think before they act. Employees should be wary of communications that implore them to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Employees should fortify login accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Make sure the security solutions you have in place are not outdated and are consistently updated.
  • Regularly back up critical data in a secure manner so that data isn’t lost if a breach occurs.

With Data Privacy Day just behind us, it’s a great time to learn about the different ways in which individuals and organizations can stay safe.  Prevention is the best cure and oftentimes education is the first line of defense to keep your company and customer data secure. For more information and resources regarding what you can do to protect yourself and your business from ransomware and other threats, please see the National Cyber Security Alliance’s business resources and Dell’s Security Solutions.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.