Not all cybersecurity threats are aimed at stealing your data. Some, like ransomware, are focused on cutting off your access to your own information unless you pay up. Sometimes, the payoff releases the data, and sometimes, it doesn’t. What is certain is that the cost of a ransomware attack has dramatically increased in recent years, and small-to-medium-sized businesses (SMBs) are hot targets. Although ransomware has become more prevalent and costly, there are some things you can do to protect your business.
Ransomware is a type of malicious software that may encrypt or block access to files or applications. It can affect smartphones and mobile devices as well as personal computers and servers. The malware may be distributed by malvertising, exploit kits or email phishing. It could be bundled with software that you download from the internet or hidden in a removable USB drive that is used as bait.
The same technology that has provided a myriad of web-based software applications for business has also allowed the cybercrime ecosystem to flourish. This means more cyber criminals can get into the ransomware business without needing technical skills or a big investment. Because of the success of Ransomware-as-a-Service (RaaS) platforms, cyber criminals continue to develop new malware families that are designed to avoid detection.
While RaaS has made it easier for wide-ranging attacks, targeted attacks are also on the rise as bad actors go after servers with tactics that look for vulnerabilities in software and unprotected network endpoints. The targets can be specific with this kind of attack, as hackers go after a particular department (such as finance) where the data is the most valuable.
A study by Symantec states that between 2014 and 2016, the cost of an individual ransom jumped from $372 per instance to $679. The majority of ransomware cases in this report were consumers, so we can expect ransoms for organizations to be even larger, as was the case for the California hospital that paid $17,000 to hackers to restore access to their records.
When a business falls prey to a ransomware attack, the impact extends beyond the price of the ransom. Costs accumulate when business processes are stopped. If the stoppage results in damage to others, there could be litigation and legal fees. When word leaks out to employees and customers about the hack, it can be difficult, if not impossible, to recover from the harm inflicted on the organization’s reputation.
As with any cybersecurity threat, the best defense is multi-layered. Robust technical security should be combined with ongoing cybersecurity awareness training for employees to teach them how to avoid the behaviors that put them, and your company, at risk. Having a backup and recovery plan could give you more options on how to respond to a hacker if you have a ransomware incident and can ensure the integrity of your data afterward.
Download: Cybersecurity Guidelines for Secure Behavior
What are the chances you will achieve your vision for your company if you aren’t certain of your security? If cybersecurity is not in your business and IT strategy, you could be missing some important ways that your organization is managing risk.
Contact us to explore how Thriveon’s proven process can help you improve IT security while enabling your business goals.