Ransomware is not a new threat, but it is one that is constantly evolving and becoming increasingly prevalent and malicious. Having played a major role in the malware scene since 2014, ransomware has been at the forefront of many IT security discussions.
Ransomware attacks and other IT security concerns often reach headline news on a global scale as concerns mount over how well consumer data is protected. Various reports, compiled by a number of prominent figures in the IT security sector, reveal that the number of cyber-attacks is growing year upon year, with as many as four times as many occurring in 2016 as in 2015. In the first three months of 2016, the US alone handed over $209 million to ransomware attackers.
In Germany, a survey conducted across 592 companies revealed that 32% had been affected by ransomware, with as many as 21 organisations losing important company data which could not be restored.
Protecting against Cyber-Attacks
The general advice from the authorities is that victims do not pay the ransom, as there is no guarantee that upon its receipt, the stolen data will be released. More importantly, a continuous supply of compliant victims only serves to increase the attractiveness of the crime to the perpetrators and therefore fund future cybercriminal activities.
So if you can’t and shouldn’t pay to make it all go away, how can you prevent ransomware?
- IT Security
Prevention is the best form of protection, and all enterprise organisations have the responsibility to invest in well-managed security tools that make it possible to prevent, detect and contain data breaches. Cyber threats and the security measures that protect against them are often locked in an arms race, and it is always possible that a new variation of a piece of malware will slip through the cracks.
- Security Awareness & Training
Every employee should be well versed in basic IT security, particularly the areas of most vulnerability. Cyber-security experts note that email is one of the most common methods of ransomware delivery, with infected files gaining access to the network through included links or attached files.
Phishing emails are also a common entrance route for ransomware, with their increasing likeness to the real deal causing end users to click without a second thought.
Security awareness campaigns and other data protection training are essential in minimising the risk of a ransomware attack.
- Backup Your Data!
The best defence against ransomware is to perform regular and secure organisational data backups. The San Francisco Municipal Transportation Agency was held to a $73,000 ransom demand last year. Instead of paying, they recovered all corrupted files from a backup and disaster recovery system.
To ensure you always have up-to-date backups, a good backup strategy that is incorporated into organisational policy is essential.
Along with ingrained organisational policy, increased staff training in these areas is also important to ensure that all enterprise processes, data and systems are protected, and that backups are as close to real-time as possible so that they can be used in the recovery process.
It is also important to ensure that your backup strategy prevents data that is already backed up from being overwritten by data that ransomware has corrupted, which would result in it being lost forever.
Ransomware attacks can be crippling to a company, and the more data that these criminals get their hands on, the more serious the consequences are. As with all cyber-attacks, the financial and reputational impact a security breach can have on an organisation is severe. Ransomware attacks are almost surely set to grow both in volume and complexity in 2017, and protecting your organisational data relies on tight security measures, increased staff awareness and training, and most importantly, up-to-date backups of organisational data which can be rolled out at a moment’s notice.