The rise and rise of ransomware
Ransomware is on the rise. In 2016, 40% of businesses across the globe reported ransomware attacks. That figure is even worse in the UK, with over 54% of businesses being targeted. There’s no denying that ransomware is a threat, but what is it and why are businesses leaving themselves vulnerable to it?
Ransomware is a particularly nasty form of cybercrime. It’s less about stealing data, and more about holding it hostage while demanding a payout. Ransomware attackers will breach a company’s security and take control of important documents, effectively blocking the businesses from accessing them. These documents could be of a sensitive nature (e.g. customer information or confidential data) or could be fundamental to the day-to-day running of a business. Many businesses will pay the ransom just to get back to normal and continue trading.
Part of the reason ransomware is on the rise is its sophistication. As technology improves, so do the techniques used by cyber criminals. In fact, most ransomware these days even has a pre-programmed time delay which enables it to be set-up days or weeks before an attack takes place. This makes the ransomware difficult to find, and its origin harder to determine. That’s why it’s essential that businesses focus more on prevention than detection, a fact that still eludes many business owners.
Ransomware attackers do not discriminate between businesses. From individuals and small businesses to universities, libraries and hospitals, all organisations are vulnerable. If you have important information stored of any kind and your security measures aren’t up to scratch, you’re an easy target for cyber criminals.
Security and business growth
One of the most common mistakes made by small businesses is their failure to adapt their security systems as they grow. It’s one thing to have a good network security solution in place when you start out, but if that system doesn’t grow with your business you’re going to make yourself vulnerable. Often, this is something that’s pushed aside by small businesses as they’re too focused on performance and ambition – it’s only natural – but the risk only gets greater as your business grows.
Neutralising the threat
So how do you stop your files from being held hostage? For starters, it’s imperative that businesses develop a ‘culture of untrust’, which means that all sensitive information on the inside needs to be secured. Having a blanket security measure in place that protects the organisation as a whole is important, but when it comes to ransomware it’s often inside access that gives attackers the edge. You should ensure that:
- All sensitive information is encrypted as it is transferred
- Only employees that need access have access (tiered security)
- Processes are in place to track and record when sensitive data is accessed
Remember that no company is too small to experience a ransomware attack. Often companies are targeted not based on their size or profitability, but their vulnerability. Cyber criminals are opportunists and will simply go for the easiest and most vulnerable business.
It’s easy to think that ransomware and its effects exist solely within the business. It’s a consuming and draining process after all. However, depending on your industry there’s likely to be more collateral damage from a ransomware attack than a simple breach. There will be an inevitable effect on the relationship you have with your clients/customers and the way your brand is perceived, not to mention the added friction that can be caused as people start pointing the finger. Whose fault was it? Why did this happen? Who was managing our cyber security?
More than ever it’s important for businesses owners, regardless of size, to ‘own’ their risk. Risk isn’t a tangible thing, but it can be quantified by attributing value to data and putting necessary processes in place to protect it. All business have to balance performance with risk, and owning that risk can have extremely positive effects on the day-to-day running of your business while also making you less of a target for would-be attackers.
No business is immune from ransomware attacks. Own the risk and rise above it.