Leveraging Technology to Succeed in Business

A simple fact: Just because you won't be hit with multi-million dollar demands that make headlines doesn't mean a ransomware extortion attack won't cost you weeks of work and tens of thousands of dollars of blackmail money.

Look at what's already happened. Webroot also reports that of those businesses already attacked, 64% suffered some downtime and 45% were knocked offline long enough that their very business was threatened. And the cost of that downtime came to $141,000. (In 2020, it was only $47,000.) That's not even counting the average ransom request of almost $6,000.

Can your business survive that? Mine couldn't.

Adding insult to injury, a recent survey of security professionals by Cybereason found that nearly half of the respondents felt they didn't have the right tools to fight back—and they're particularly unprepared for attacks over the holidays. Who wants to come back after Thanksgiving and find their PCs and servers locked up with a ransomware demand popping onto the screen?

I could preach about the need to deploy in-depth ransomware protection, but you're not going to be able to buy and set up a solid security system between now and the end of the year.

What you can do, though, is start practicing some security basics that should see you safely through the next few weeks. Before getting into some specifics, let me remind you of something I've always known (and the 2021 Verizon Data Breach Report spelled out in no uncertain terms): 85% of breaches involve a person making a security blunder like opening a phishing message, pretexting, or some other social engineering mistake.

When dealing with anyone, you must not only trust but verify that they're who they say they are and that they need the information they're asking you for. If that sounds paranoid, well, as the joke goes, "It's not paranoia if they really are out to get you." And, these days, I'm sorry to say that they really are out to get you.

Now moving on to some simple specifics to keep you safe:
 

  • Keep your operating system patched and updated so attackers have fewer vulnerabilities to exploit.
  • Don't install software or grant it administrative privileges unless you know exactly what it is and what it does.
  • Never click on a link in an email, an instant message, or a groupware app such as Slack or Teams unless you know it's safe.
  • Buy easy-to-use, inexpensive endpoint security programs such as Check Point ZoneAlarm Anti-Ransomware or Bitdefender Antivirus Plus.
  • Back up your data so that you have at least three copies, including one off-site that's not networked with your production environment. Then, make certain that the backups are good and can be used to restore your systems.


Do all that, and you should make it safely through the holidays and into 2022. Then, keep taking these precautions from now until you sell your business. It's literally the least you can do to keep your company safe from ransomware and most other attacks.

Beware the Chinese ransomware attack with no ransom

A different hacking tactic could be a way to distract victims from the perpetrator's true motive. Read more.

 

Insurers run from ransomware cover as losses mount

Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty payouts. Read more.

 

48% of employees at surveyed companies asked by hackers to aid ransomware attacks

Companies already have enough to worry about defending themselves against external cyberattacks. Now adding to that worry could be the possibility of internal threats. Read more.

 

Lawmakers dig for details in federal response to ransomware

The need to strengthen cybersecurity in the United States continues to be treated mostly as a bipartisan issue, as demonstrated in the House Oversight and Reform Committee hearing held today on how to crack down on ransomware. Read more.

 

Zero trust: An answer to the ransomware menace?

Zero trust is the latest buzzword thrown around by security vendors, consultants, and policymakers as the panacea to all cybersecurity problems. Read more.

 

The pros and cons of mandating reporting from ransomware victims

On Oct. 5, Sen. Elizabeth Warren and Rep. Deborah Ross introduced the bicameral Ransom Disclosure Act (RDA). This is the third bill, proposed over the past four months, meant to address an increasing threat of ransomware attacks. Read more.

 
 

About the Author
Steven J. Vaughan-Nichols, aka sjvn, has been writing about the intersection of business and technology for over 30 years. He continues to scoop up awards for his valuable insights and practical guidance in highly technical publications, business & technology magazines, and mainstream newspapers.

©2021 IDG Communications, Inc.