Ransomware: What Grand Rapids Business Leaders Need To Know
If you were in the room with a team of cybersecurity experts and someone said, “we’re being hacked,” in all likelihood, they would open their laptops and respond in kind. Tell that same group that your business just received a ransomware payment demand, and you might see expressions of crushing defeat.
For every scheme a cybercriminal levels against a business network, there is a myriad of countermoves. But ransomware attacks are often so thorough and sophisticated that industry leaders typically call upon a team of negotiators to broker a deal. According to Forbes magazine, the average cost of a ransomware payoff doubled to more than $84,000 during the fourth quarter of 2019. That figure does not account for peripheral costs such as downtime and recovery.
If you are a business leader, it’s crucial to understand that not all cyber-attacks are equal or resolvable. That’s why it’s in your best interest to understand how ransomware attacks are carried out, what you can do to prevent becoming a victim, and why these rank among the greatest threats to your organization, bar none.
How Does A Hacker Deploy Ransomware?
One of the things that makes ransomware so terrifying is its simplicity. Hackers typically lace seemingly ordinary emails with malicious software in the form of files or links. They may release thousands of random messages in hopes someone makes the fatal error of opening one.
More sophisticated hackers may craft specialized electronic messages to gain the confidence of one of your employees. One misstep and the ransomware infiltrates their device and uses it as a pathway to seize control of the organization’s digital assets. Ransomware is insidiously simple and inexpensive for criminals to deploy.
Who Are Primary Ransomware Targets?
The notion that hackers are either evil geniuses or online thugs is a general myth. Many of these criminals operate under a business model similar to that of other industries. The critical difference is that, for them, crime pays.
Cybercriminals who deploy ransomware dispassionately attack any and all organizations. These may include small businesses, universities, and large corporations, and some attackers are bold enough to go after government agencies. A CrowdStrike report called “The Evolution of Ransomware: How to Protect Organizations from New Trends and Methods” indicates that several major municipal governments were devastated in 2019.
“High-profile attacks that crippled multiple U.S. cities, including Baltimore, Maryland, and Park City, Utah, made headlines in 2019. However, those attacks reflect only the public side of a much larger cybercriminal industry that is constantly innovating its capabilities,” the CrowdStrike report states. The resource goes on to predict that ransomware losses could exceed $20 billion by 2021, up from only $345 million in 2015.
A cybercriminal could be thousands of miles away, beyond law enforcement’s reach, and they know it. Even so, many online thieves tend to be practical about their targets. They usually seek the path of least resistance. These days, undertrained and newly minted remote workers are considered the low-hanging fruit. That said, the primary target of a ransomware scheme is the organization that fails to train its employees and harden its cybersecurity defenses.
Industry Leaders Are Targets Of “Big Game Hunting”
Bulk email deployment, also known as “spray and pray” methods, ranks among the more prevalent strategies. But savvy hackers develop the confidence to home in on specific organizations and high-profile targets. In this approach, commonly called Big Game Hunting (BGH), cybercriminals focus their attention on corporations that have increasingly valuable digital assets.
Rather than deploy thousands of electronic messages, hackers target CEOs, entrepreneurs, and decision-makers with wide-reaching network access. The conventional wisdom is that BGH can help a thief secure a huge payoff. Keep in mind that ransoms, typically paid in Bitcoin, are dependent on the victim’s ability to pay. A recent CrowdStrike Global Threat Report indicates the sophistication of these attacks has increased substantially.
What Are Hidden Costs Of Ransomware?
When big ransomware payouts are made, they tend to make splashy headlines. But the price a digital thief exacts from an organization may be just the tip of the iceberg. The underlying costs often have a debilitating effect on your operation. Consider how non-ransom losses reportedly impact these organizations.
- U.K.’s National Health Service: When the WannaCry attacks hit in 2017, more than 200,000 devices were impacted and the NHS ground to a standstill for days. The health service was forced to cancel or postpone surgeries and appointments, and emergency rooms could not access digital health files.
- Maersk: This Danish logistics corporation suffered upwards of $300 million in disruption losses and a 20-percent decline in shipping volume due to a single ransomware incident. Maersk was also forced to buy approximately 45,000 computers and install 2,500 new applications while locked out for more than 10 days.
- Nuance: This tech vendor reportedly doled out $68 million in customer refunds because service was interrupted due to a ransomware attack. Nuance then paid $24 million in restoration costs, adding insult to injury.
According to Acronis, a data backup and recovery tech outfit, ransomware attacks on businesses surged to one every 14 seconds in 2019. That is up from one every 40 seconds the previous year, and more than 70 percent of targeted organizations are infected.
Are Ransomware Attacks Preventable?
Although ransomware ranks among the most ferocious hacking schemes on the cybersecurity landscape today, forward-thinking business leaders can harden their defenses and deter them. By working with a managed IT cybersecurity professional, decision-makers can create a strategy with protocols to deter this type of infiltration. These are ways you can harden your organization’s defenses.
- Upgrade to Enterprise-Level Antivirus Software & Firewalls
- Install Multi-Factor Authentication for Employee Login Profiles
- Use Virtual Private Networks
- Patch All Software in a Timely Fashion
- Employ Zero-Trust Network Access Policies
- Back Up Data to Multiple Secure Locations
- Provide Ongoing Cybersecurity Awareness & Training
Determined cybersecurity defenses are mission-critical when it comes to preventing a potentially business-crushing ransomware attack. By enlisting the support of a third-party cybersecurity firm, you can stop being the low-hanging fruit.