Businesses can no longer ignore the risk of a ransomware attack. The recent incident with the Colonial Pipeline may have elevated the crime spree to national attention, but incidents, risks, and losses have been increasing steadily over the years. It is not just government agencies or Fortune 500 businesses that are at risk.
According to Palo Alto Networks, the average ransomware demand in 2020 was nearly $850,000, with an average demand of $2.9 million for large enterprises. Coveware estimates that the average ransom payment rose to $233,817 in the third quarter of 2020, up 31 percent from the second quarter. A recent survey of IT executives from 26 countries by security software company Sophos estimates that 51 percent of organizations worldwide have been hit by ransomware, with 26 percent paying ransom to get their data back.
Assess Your Risk
Ransomware attackers target companies of all sizes in all industries—as well as individuals. While some cybercriminals are only seeking money, some are also after releasable or salable data.
For example, manufacturers can be targeted for their intellectual property. Healthcare providers can be targeted for their patients’ personally identifiable information. Police departments and law offices can be targeted for the potentially incriminating information they hold.
Plus, paying ransom isn’t always the end of the nightmare. The threat of releasing stolen data can be used over and over for extortion, and the criminals can return for more ransom.
Rather than face this dilemma, spend your IT energy and dollars preventing it. Basic security steps go a long way in protecting your network. For example:
Keep software up to date. Obviously, your antivirus software must be current but keep your operational software packages up to date as well. Regular software updates—sometimes ignored by harried executives—often contain security patches.
Know your network. Use a security package to provide insight about traffic on your network and alert you to intrusion attempts and anomalies. Also, keep track of every device connected to your network. With employees working from home and portals open for suppliers and customers, an unmanaged or forgotten connection can become a back door into your network. Consider segmenting networks to reduce risk.
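To make "keep track of devices connected to your network" concrete, here is an added example (not code from the original article or from Dembo Jones) that compares DHCP lease records against a small asset inventory and flags two conditions: a device whose MAC address is not in the inventory at all, and a known device that shows up on a network segment it is not supposed to be on. The inventory, the lease lines and the segment assignments are all constructed for illustration; the lease-line layout assumed here (expiry, MAC, IP, hostname, client id) follows the dnsmasq lease-file format, so adapt the parser if your DHCP server logs differently.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """An approved device and the network segment it is expected to live on."""
    name: str
    segment: ipaddress.IPv4Network


# Constructed asset inventory: MAC address -> approved device and its segment.
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": Asset("finance-laptop-01", ipaddress.ip_network("10.0.10.0/24")),
    "aa:bb:cc:00:00:02": Asset("printer-floor2", ipaddress.ip_network("10.0.10.0/24")),
    "aa:bb:cc:00:00:03": Asset("supplier-portal-vm", ipaddress.ip_network("10.0.20.0/24")),
}

# Constructed sample lease records in dnsmasq's lease-file layout:
# <expiry-epoch> <mac> <ip> <hostname> <client-id>
# The third line is a device nobody registered; the fourth is a known server
# that has appeared on the office segment instead of its own.
SAMPLE_LEASES = """\
1700000000 aa:bb:cc:00:00:01 10.0.10.21 finance-laptop-01 01:aa:bb:cc:00:00:01
1700000000 aa:bb:cc:00:00:02 10.0.10.50 printer-floor2 *
1700000000 de:ad:be:ef:00:99 10.0.10.77 android-3f2a *
1700000000 AA:BB:CC:00:00:03 10.0.10.5 supplier-portal-vm *
"""


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: ipaddress.IPv4Address
    hostname: str


def parse_leases(text: str) -> list[Lease]:
    """Parse lease lines; MACs are lower-cased so inventory lookups are case-insensitive."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines rather than crashing the audit
        _expiry, mac, ip, hostname = parts[:4]
        leases.append(Lease(mac.lower(), ipaddress.ip_address(ip), hostname))
    return leases


def audit_leases(leases: list[Lease], known: dict[str, Asset]) -> list[tuple]:
    """Return findings as (kind, mac, ip, label) tuples, in lease order."""
    findings = []
    for lease in leases:
        asset = known.get(lease.mac)
        if asset is None:
            # Never seen before: someone plugged in or connected an unregistered device.
            findings.append(("unknown-device", lease.mac, str(lease.ip), lease.hostname))
        elif lease.ip not in asset.segment:
            # Known device, wrong segment: segmentation is not holding or the device moved.
            findings.append(("wrong-segment", lease.mac, str(lease.ip), asset.name))
    return findings


if __name__ == "__main__":
    for kind, mac, ip, label in audit_leases(parse_leases(SAMPLE_LEASES), KNOWN_DEVICES):
        print(f"{kind:15} {mac}  {ip:15} {label}")
```

Run it on a nightly schedule against the real lease file and route any finding to whoever owns the asset inventory; an empty result is the expected state, so every line it prints is worth a question.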
Watch emails. Don’t click links. Don’t open unknown attachments. Don’t respond to email from an untrusted source. No matter how many times you remind employees to use good email protocols, it’s never enough. People are busy. Criminals are sneaky. Regular training is a must.
Forget the sticks. While many companies have moved to cloud storage, some employees still use USB flash drives. As convenient as they are, they are easily lost, get passed around and inserted into untrustworthy devices, making them an easy malware conduit.
Because the risks are so high, some companies have banned their use altogether. If employees must use a USB drive, insist on a model with a hardware key lock that encrypts the files stored on it.
Change passwords. Until there’s a better universal system for gaining access to networks and files, passwords are a necessary evil. Changing them regularly is painful but mandatory. The length of passwords contributes to their security far more than the complexity of characters.
Maintaining stringent cybersecurity protocols requires buy-in across your organization and continued efforts to educate staff on best practices. While there are no guarantees, it is possible to avert a crisis with proper planning.
Thoughtful business planning includes taking the steps to protect your organization from threats, keep your assets safe, and build the financial resources to withstand the unexpected. Contact Dembo Jones advisors today.