The 2017 Thales Data Threat Report surveyed more than 1,100-plus senior security executives around the work, including the US, UK, Germany, Japan, Australia, Brazil, and Mexico, in sectors ranging from federal governments to health care, finance, and retail. It found that 68% had experienced a security breach and 88% felt vulnerable to threats.
And there’s good reason for this.
In 2015, Symantec found in excess of 430 million new and unique pieces of malware (including ransomware), an increase of 36% over 2014. The FBI reported that in 2015 there were 1,000 ransomware attacks each day and a year later, there were 4,000 a day. In 2017, Symantec reported a 36% increase in ransomware attacks worldwide over the year before.
Clearly, the problem is of great magnitude and only getting worse.
And mobile devices are particularly vulnerable. Ransomware attacks on them in the first quarter of 2017 have increased 250% from the fourth quarter last year.
The May 2017 WannaCry ransomware attack highlighted the vulnerability of financial, healthcare, academic and corporate institutions. More than 200,000 computers in 150 countries were affected — even though the software was poorly written.
The result? As much as $4 billion in lost productivity and business costs. How much would that loss increase if the coding had been done by better hackers?
Cyber Threats on the Horizon
Legacy software and unsupported operating systems are prime targets of ransomware and “many experts in the cybersecurity industry predict that 2017 will be the year of ransomware.”
A young employee of Kryptos Logic who discovered the WannaCry kill switch said,
“This is not over. The attackers will realize how we stopped it, they’ll change the code, and then they’ll start again. Enable windows update, update, and then reboot.”
And if it happens to you, there’s a high cost. About 60% of small businesses will go out of business within six months after an ransomware or cyber attack.
How to Protect Yourself from Ransomware
It’s been said over and over: “Install software updates.” But there are other steps you can — and should — take as well:
- Install antivirus software
- Be suspicious of email and popups
- Create off-network backups
- Have a security plan in place and follow it
- Conduct system audits
- Deal with vendors’ security procedures
But the issue is more complicated.
“Patch roll-outs are complex,” says Adam Meyers of cybersecurity company CrowdStrike. Adding that, “high-profile patch fiascos have made IT departments wary of automatic patch installations.” And this can be troublesome, particularly if your IT staff is short on resources and time.
Managed Hosting Providers Can Protect Against Ransomware
Managed service hosting providers can offer a terrific first line to protect yourself from ransomware. At Data Resolution, we offer enterprise-grade security that extends from your Microsoft subscription apps to our servers and all your data.
If you’re managing your network on premises, then you’re relying “on the IT experts, the equipment, the software, and the users to ensure that your valuable data is kept safe. And that’s a fair number of moving parts, often leading to security breaches,” as we noted in an earlier post.
When you partner with a cloud provider, the heavy lifting — the security, support, and performance end of your IT — becomes the responsibility of the provider. That frees up your IT team and keeps everything as secure as possible.
Our FlexIT services offer antispam and antivirus protection to ensure that all of your devices are consistently protected and monitored by our IT experts.
We also offer automatic incremental and managed backup and replication services with constant offsite mirroring to ensure you can recover your data quickly if your network is compromised.
That certainly offers a great deal of peace of mind. However, it’s important to note that employee education is absolutely vital.
Educate to Protect Yourself from Ransomware
The users of your software and your machines — your employees — are the one true constant. If one fails to update her device, clicks on a URL in a phishing email or an ad that contains malware, you’re entire network could be compromised.
No matter how good your IT team, no matter how strong your network defenses, the “common denominator in a lot of these [ransomware] cases is human error,” says attorney Edward Zacharias. Thus, employee training is essential — and not just once, but on a regular basis. And the training should start as soon as they are hired.
Attorneys at Jackson Lewis suggest you take the following steps to protect yourself and your business from ransomware attacks:
- Show employees what a phishing attack or a compromised website can look like.
- Instruct staff to think before they click on links in emails and be wary of attachments, particular if they’re zip files.
- Tell employees not to reveal any financial or personal information in an email. That goes for their own info as well as info about colleagues and customers.
- Show them how to detect a discrepancy in a URL that could indicate phishing. For instance Microsfot.com vs. Microsoft.com.
- Let employees know what they should do — and what they should not do — if they suspect an attack.
Take the Next Step to Protect Yourself from Ransomware
Enhance your security and protect yourself from ransomware, malware, and cyber attacks by working with Data Resolution and its enterprise-grade security offerings. Give us a call at 887-885-2649, or contact us today. We’ll listen to your concerns, discover what you need, and work with you to protect you from the ongoing threats.