If you're a small-to-medium sized business (SMB), the fact is that you are a cybercriminal target. Malware attacks like ransomware can take your operations offline for days or weeks. Meanwhile, you incur tens of thousands of dollars in hourly recovery costs, and are involuntarily damaging customer relationships and the business itself.
Many organizations operate hoping, "It won't happen to us - we're too small," or take basic steps like copying some files to Google Drive or Microsoft OneDrive thinking that's enough. The reality is, protection today requires a dedicated effort and a defense-in-depth solution that can stop threats outright. By understanding the extent of the ransomware threat today and following some cybersecurity best practices, you can go about your regular business - and rest easy.
Read on to learn key ways you can mitigate the risk to your organization, including how outsourcing some of the burden to a managed service provider (MSP) can make all the difference.
Ransomware is lethal and rampant.
It is a business leader's worst tech nightmare: An employee doing routine work opens an innocent-looking email attachment or web link that in fact is malicious, enabling a ransomware attack on their system. The malware locks up all the data it can find with unbreakable encryption, and in many cases spreads like wildfire throughout the business, locking up other desktops, laptops and servers.
The organization has a choice: Pay some anonymous criminal thousands of dollars in bitcoin to free up their data and get the business back online, or endure highly costly and disruptive downtime while attempting to recover or rebuild data from backup or other sources.
The threat is only getting worse.
You may be wondering how ransomware evolved so rapidly from a once-rare threat into such a monster. A few things happened:
1. The rise of anonymous cryptocurrencies like bitcoin made it much easier for attackers to earn profits without leaving a money trail for law enforcement to follow.
2. Locking up data with encryption on a target system proved much easier than the previous widespread approach: moving valuable data into the attacker's hands and then selling it on the dark web.
3. The process of developing and spreading malware got much more sophisticated, mimicking the legitimate software-as-a-service industry. Highly skilled ransomware developers now equip armies of accomplices with simple tools to infect target machines at scale.
Five Ways That Can Effectively Lower Your Ransomware Risk
1. Conduct full backups of your systems regularly and frequently.
This discipline is the most reliable safety net against downtime and data loss in the event of a ransomware attack. With timely backups, it's possible to essentially turn back the clock on your systems to a point before the attack occurred. The only data you lose is whatever was created between the last backup and the attack.
But beware - even a meticulous backup regimen is not a cure-all:
- Restoring systems from backup can be burdensome, and if your recovery point (the day and time of your most recent backup) is sufficiently old, a lot of valuable data created between the backup and the attack will be lost.
- Many ransomware variants purposefully seek out backup archives and encrypt them. Cybercriminals know that if your backups are compromised, you'll be likelier to pay up.
Integration between the backup agent and anti-malware agent is crucial for both to be effective.
2. Deploy a behavioral anti-malware solution that can address zero-day threats.
Thanks to the industrial efficiency and frequency with which criminals churn out new variants, one of the reasons ransomware has become so destructive is that most variants are effectively zero-day attacks (i.e., previously unseen). Signature-based anti-virus cannot keep up with the pace of new threats.
Only anti-malware that can spot a ransomware attack by its behavior will be effective. Such solutions often employ artificial intelligence and machine learning to improve their ability to spot new variants and minimize false positives, or the flagging of innocent processes as malicious.
There are two potential challenges to manage here:
- Backup agents and behavioral anti-malware agents don't always play nice together: they can compete for resources, dragging endpoint performance down and undercutting each other's actions.
- Many businesses lack the skills and resources to manage a cyber protection solution that combines these two essential technologies (backup and behavioral anti-malware) for combating ransomware.
3. Patch like your business depends on it.
Zero-day threats are an urgent concern, but you need to close the known holes in your operating systems and applications too. That means monitoring dispatches from your vendors and quickly installing the latest security patches and other updates as they become available. Using vulnerability scanning as well as patch management tools or services can be a big asset. Don't let an old ransomware strain successfully attack your business because you failed to shut the door on a known vulnerability.
4. Conduct security awareness training for your staff.
One sure-fire way to avoid the damage from a ransomware attack is not to let one onto your system in the first place. Case in point: phishing - the use of trustworthy-looking emails that contain attachments or links that load malware onto the target system when clicked on by an unwary user - remains the most successful ransomware attack vector.
Security awareness training teaches employees to stay alert when processing emails. Cybercrooks are always getting better at crafting malware-bearing phishing emails that look safe to open. For example, they'll scan your social media accounts for clues about your personal life, then create an email that looks like it's from your neighborhood association or alumni group.
Training can also help minimize the risk of another popular attack vector: the use of drive-by malware downloads from compromised websites. Remind employees not to use work systems to visit dubious websites, including places that sell bootleg software or pirated versions of popular movies, TV series and videogames.
5. Recognize that the security of sensitive login credentials is at risk thanks to a wave of massive data breaches in recent years.
Cybercriminals take advantage of the fact that many of us re-use the same password across multiple sites. That enables the practice of "credential stuffing" - trying to find other sites on which stolen credentials work. That's a big problem if the passwords of any of your employees with IT administrative privileges get compromised.
Follow best practices for password creation (in essence, longer passwords are better). Whenever possible, use multi-factor authentication to protect your most sensitive accounts. Establish a policy that forbids password re-use across multiple accounts and encourage employees to use personal password manager apps to assist them in maintaining unique, strong passwords for each of the many accounts they may use.
You can take control of the fate of your organization if you leverage the technology and resources needed to protect your business against the 21st century's most prevalent and destructive cyberthreat - ransomware.
Cyber protection that combines robust backup with behavioral anti-malware is your most bullet-proof defense against the costly disruption and downtime of ransomware attacks. Many businesses will find that turning to an MSP for these advanced services is actually the simplest, fastest and most cost-effective option for getting there. When combined with the other four best security practices outlined above, your organization will be poised to outwit the ransomware gangsters and stay competitive.
As a full suite IT and cybersecurity firm, Restech can help with your business technology and security needs. Contact us today to learn more.