Simple tools. Ominous results. Ambitious cyber criminals launched devastating ransomware attacks in 2017, taking in billions of dollars and disrupting businesses around the world.
As ransomware becomes a more lucrative tool for criminals, things could get much worse. Cyber attacks doubled in the first half of 2017 and damage costs are projected to reach $6 trillion annually by 2021. Since it’s not easy to bounce back from these attacks, it’s important to understand the risks and take steps to protect your business.
What is ransomware?
Ransomware is a type of malware that encrypts all of the files on a computer hard drive and demands ransom for an unlocking code. Small and medium-size businesses (SMBs) are a favorite target. According to CNN and a report from Osterman Research, ransomware attacks caused 22 percent of businesses with less than 1,000 employees to stop business operations immediately and 15 percent to lose revenue.
Ransomware is simple and devastatingly effective
Criminals like using ransomware because it’s efficient and easy to deliver. CyberScout estimates that 59 to 97 percent of ransomware attacks enter through emails with malicious links and attachments. All hackers need is an unsuspecting individual to click on a link or open an attachment to unleash infection.
ZDNet observes that SMBs are particularly vulnerable because they spend less on cyber security initiatives and are often woefully unprepared to defend against an attack. Though ransom amounts can vary, criminals are confident that the business victim will pay quickly to minimize network downtime and damage to reputation.
SMBs can be easy targets
Ransomware is a low-risk, high-reward game for criminals who get paid in hard-to-trace cryptocurrencies. Malware is constantly updated to stay ahead of security software, making it difficult for smaller companies to defend.
Consider these statistics:
• Every 40 seconds a company is hit with ransomware—and 1 in 5 businesses that paid a ransom never get their files back.
• 43% of cyber attacks worldwide struck companies with less than 250 workers
• 61% of SMBs fall victim to cyber attacks. Most of these attacks are phishing, social engineering and web-based.
Be proactive: Six things you can do now to fortify your defenses against ransomware
Cyber criminals don’t discriminate. If you rely on data to do business, then your company is a target for a ransomware attack. Take these preventive measures now to protect your business:
- Stay informed. Keep current with the latest security news so you can protect your company’s systems from new vulnerabilities and outbreaks.
- Back up files regularly. Decide on the appropriate frequency and ensure backups are separate from the computers and networks you’re backing up.
- Educate and train your employees. Teach employees how to spot suspicious emails and remind them to avoid clicking links without knowing the who, what, where and why.
- Keep all software current. Make sure you have the latest versions and updates installed for antivirus, antimalware, and other software systems. Ransomware can exploit vulnerabilities in any type of software if patches aren’t kept up to date.
- Implement protective policies. Strengthen email spam filters, authenticate inbound email, and filter executable files from reaching end users. For added defense, consider partnering with a provider of identity management and cyber security services.
- Be prepared. Create a response plan in case you do fall victim to an attack. You’ll need to regain control of your systems, delete infected files, run a scan, and restore the system to a previous state. Download clean versions of files from your backup.
Cyber crime is no joke. Be proactive and vigilant to protect your business. Educate yourself and employees about attacks and understand how infection spreads. Take preventive measures for all business systems including mobile devices and cloud applications. For additional protection, seek assistance from CyberScout—an expert cyber security partner providing the education, resources, products and services needed to defend your business against advanced attacks.