Ransomware is a word that companies dread because, for them, it means spending time, resources, and money to fix a completely unexpected problem. However, from a cybersecurity standpoint, the fact that businesses aren't expecting an attack seems to be exactly the reason why ransomware is so successful. Cybercriminals are out there, and they are always looking for new unsuspecting targets. The best way for companies to fend off these attacks is to understand that they are bound to happen and make preparations in advance.
If you don't expect to get hit by ransomware, you might as well be asking to get it. Companies that think, "It'll never happen to me. I'm too small, and I don't have enough revenue to be a target," are always sought after by cybercriminals. According to the 2019 Verizon Breach Report, 43% of breaches involve small business victims. Why? Because they are the ones who don't put the resources into cybersecurity. They are the lowest-hanging fruit, and hackers are lazy: they want the easy catch so they can get paid. So, you can let the ransomware come your way and deal with the consequences afterward, or you can take a proactive approach to your company's security and stay one step ahead of the hackers.
Enable Your First Line of Defense
How do you prevent ransomware from infecting your business? You may think that such a devastating attack would need to be very well thought out and crafted. Maybe you believe that a hacker must have forced their way through your network, or even physically broken in and infected your device. However, this is rarely the case. More often than not, ransomware occurs due to human error. An employee gets an email that looks legitimate, and they click on a link because they haven't been trained to spot suspicious emails yet. Unbeknownst to the employee, they've just installed malware onto your device, and therefore your network. That malware often turns out to be ransomware. According to the 2018 Cost of a Data Breach report, sixty-one percent of respondents who have dealt with a data breach or recent ransomware incident say negligent employees put their company at risk for a ransomware attack, an increase from 58 percent of respondents in 2017.
Before you think the solution is to fire every employee who fails to spot a phishing email, consider that hackers are very crafty. To the untrained and unaware eye, these emails look authentic, even containing the signatures of higher-ups. If you don't know you should be looking for a fake email, why would it cross your mind?
Untrained employees are a danger to your security. Hackers know this and will exploit them at all costs. However, Security Awareness Training ensures that employees understand the risks involved and provides them with the knowledge to make security-conscious decisions.
It's great to have a plan in place for when an incident occurs. As we say in the cybersecurity world, you should plan to fail rather than fail to plan. However, if you can avoid an attack before it even occurs, why take the chance? Best practice would be to have an incident response plan, as well as all possible proactive measures implemented to prevent an attack from happening in the first place.