Ransomware is such a fast-growing area of cyber crime that specialists are now referring to it as an ‘industry’.
2020 saw a dramatic rise in ransomware attacks, which have become increasingly sophisticated and are earning their originators hundreds of millions of dollars.
No business is immune to a ransomware attack. You might only hear about the most audacious attacks or the most lucrative. But they are happening to businesses everywhere.
A quick guide to ransomware
Ransomware is a type of cyber crime where your system is hacked and malware uploaded to it. The malware prevents you from accessing any of your data, so your business is completely unable to operate.
Once the attack has taken place, you’ll get a ransom demand. Without paying the ransom, you won’t get access to your data or your system. Ransomware is all about getting the largest amount of money out of the victim business. So you may be asked to pay for a decryption key. But that might not give you access to all your files. So you have to pay again for that. And then the hacker may come back to say they have altered information in your files – so you have to pay to get the original versions back.
Ransomware criminals are ruthless and greedy. They don’t care about you or your business. They are just interested in hitting your business for as much money as they can get.
Why should you be worried?
Cyber experts agree that smaller businesses are at a higher risk of ransomware attacks. Why?
- They tend to have less security and protection around their IT systems
- They are more likely to panic and pay up when a demand is delivered
- They can least afford to have their business go down for several days
Why are attacks increasing?
There are two or three key reasons why we are seeing, reading about and experiencing more ransomware attacks:
- Sophisticated approach – ransomware criminals are clever and they work like any other industry, bringing in specialists for certain skills and knowledge so that they can guarantee success. They understand how to get into your systems and hide until they are ready to strike. And they are always looking for better ways to blackmail companies.
- Cryptocurrency – the popularity and ease of dealing in cryptocurrency means that there are fewer barriers to criminals getting paid.
- It’s working – companies pay up rather than suffer business downtime. And with more businesses now taking out specialist cyber insurance, they can start a claim straight away and a third party will pay the costs. What’s not to love about an operation where someone always pays?
What can you do to prevent an attack?
Just like regular crime, the harder it looks to access your system, the less likely a ransomware criminal is to attack you. So it makes sense to cover all of these basics at the very least, and to take further steps to protect your business and its data.
Importantly, you should look for ways to change the way your employees behave around cyber issues. This is more than just making them ‘aware’ of the issues. It’s about showing them how they can change the way they act – and why it’s important. Most cyber training covers the issues, but doesn’t address the practical behaviours. So when you’re putting these suggestions into action, look for training that focuses on behavioural change as well as general awareness.
Make sure all your employees know how to spot suspicious activity: most successful cyber security breaches are down to human error. If your people don’t know how to spot a scam email or a suspicious attachment, how can you expect to protect your business? Invest in good quality cyber training that teaches people how to protect the business and themselves.
Talk to your IT provider: email scanning and filtering means that attack emails are less likely to land in the inboxes of employees who might open them.
Make sure firewalls and anti-virus applications are up-to-date: attackers can get in through gaps in old systems. Don’t let them.
Retain data for longer: some ransomware can sit in your system for days or even weeks before it activates. If you retain your data for longer, and you experience an attack, you can track it.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.