Cyberattacks continue to grab attention, with large-scale breaches disrupting some of the world’s largest companies. Britain’s National Health Service, FedEx, Honda, Merck, Mondelēz International, Nissan, Renault, and Telefónica are just a few on a growing list. While these companies are high-profile targets, the intent is changing, and so is the victim.
No longer are hackers bent on embarrassing companies by overloading their systems to inhibit services through distributed denial of service attacks or defacing their websites. Hacking has evolved from a disruptive enterprise to a lucrative one, and ransomware has emerged as a growing business.
More Players, Less Risk, More Reward
A bad actor no longer needs to understand detailed coding. There is an ecosystem of groups that sell the exploits and another set of groups that rent out services for running them. That means more people have the ability to operate ransomware campaigns. The rise of cryptocurrencies like bitcoin has only accelerated the problem. Why rob a bank when you can get a lot more money with a lot less risk through a ransomware attack? We should expect more attacks in the near future that are stronger, smarter, and larger.
But ransomware isn’t evolving just technically and financially. It is going to act like any other business and seek new markets. The large companies are working hard to defend themselves, and they have the budgets to do it. The next big market for ransomware is small and medium-sized businesses, and it’s not just those that are information-oriented.
Every business now depends on some level of computing to do order processing, billing, shipping, and even shop floor management. If ransomware strikes, it may seem cheaper to pay the ransom than forgo the revenue that will be lost when business can’t continue. However, even paying the ransom doesn’t guarantee data is returned or the business won’t be targeted with another attack.
Combat the Attack: Preparing for What’s Coming
Don’t think your organization is too small to be a target or that your data isn’t valuable to a hacker. Everyone should put these three best practices into place to mitigate the cyberattack threat:
- Keep your systems and software up-to-date: While it is impossible to fully combat the unknown, companies should systematically install hardware and software patches so their systems are as secure as they can be. Zero-hour attacks, which are previously unheard-of attacks that exploit a known vulnerability and which recently held hostage two European universities’ computer systems, can be avoided with consistent updates. If you don’t have the resources to update your systems and software in a timely fashion, consider the benefits of cloud-based services to manage updates for you.
- Train your employees: Employee training on tactics like not clicking on email links and frequently backing up files can minimize the consequences of an attack. It could also mean the difference between a little lost time and a lot of lost revenue.
- Implement advanced threat protection: The combination of a strong firewall and a solid email security solution places roadblocks on malware’s most likely entrance points. Without these levels of protection in place, hackers can march leisurely into your network at almost any time.
Today’s cybercriminals have shown a maddening ability to bypass security measures and exploit simple weaknesses. The companies that start making serious efforts to get in front of this problem now are the only ones that will be able to defend themselves in the future.
[su_box title=”About Nigel Johnson” style=”noise” box_color=”#336588″][short_info id=’103143′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.