By Devin Partida, Editor-in-Chief, ReHack.com
Ransomware is an ever-prevalent threat to leaders in various industries. The most severe attacks force people at affected organizations to use pen-and-paper methods and take all digital platforms offline.
Here’s a closer look at the current ransomware situation and what it means for business owners and cybersecurity professionals.
Businesses Must Prepare for Ransomware Attacks
Company leaders cannot assume ransomware attacks will not affect them. Data published in 2021 showed that 61% of businesses polled experienced ransomware disruptions in 2020. That was a 20% increase from statistics collected for the previous year.
Another worrisome finding was that 43% of respondents cited a lack of worker cybersecurity knowledge as one of their company’s most significant weaknesses against online attacks of any sort. The research confirmed that one in five workplaces run ongoing cybersecurity training programs for workers more than once a month. That’s a start, but it also highlights room for improvement.
Employee education is not the only way to minimize the likelihood of a ransomware attack. However, it’s a crucial element, especially since hackers often use malware and phishing emails to target unsuspecting workers.
Double-Extortion Ransomware Attacks Becoming More Common
There was a time when ransomware attacks primarily involved eliminating a victim’s access to files. However, so-called double-extortion attacks have become more commonplace. In a recent poll, nearly 40% of respondents named that type as the one they experienced most often.
In such cases, the hackers lock down data, then threaten to leak it. The issue then extends beyond companies losing data and expands to instances where customers, supply chain partners, and other stakeholders could suffer identity theft.
Ransomware attack recovery is already costly enough without the extra damage caused by leaked data. For example, an attack on managed service provider CompuCom led to losses exceeding $20 million and caused numerous operational disruptions.
Ransomware Entry Points Vary Based on Company Size
Cybercriminals orchestrating ransomware attacks try various methods to infiltrate a company’s network. Data compiled by Coveware from the first quarter of 2021 confirms that they try different attack mechanisms based on a company’s size.
For example, at companies with 10,001 to 25,000 employees, hackers almost exclusively use email phishing attacks to break through a network. However, software vulnerabilities are the most common problems that help cybercriminals carry out ransomware attacks at enterprises with 10 or fewer employees. Software issues get exploited in approximately 75% of cases for such companies.
Safeguarding against phishing attempts becomes more manageable when employees learn to verify a sender’s authenticity before providing them with the requested information. Then, the best way to deal with software vulnerabilities is to stick to a consistent update schedule. Activating an automatic update feature is an ideal way to stay on top of the matter.
Preparedness Against Attacks Brings Confidence
A 2021 Sophos study suggests that one of the best ways for business leaders to prepare for ransomware attacks is to invest in IT professionals who know how to stop them. The data indicated that 60% of respondents had trained IT team members to halt ransomware attacks.
That know-how is a vital element but not the sole necessary component. For example, 52% of companies also said they’d invested in anti-ransomware technology. Then, 37% indicated they could restore data from air-gapped backups if necessary.
Implementing various strategies to minimize ransomware effects is essential. When company leaders know preparedness measures exist, they shouldn’t feel so compelled to cave and pay the ransom. Doing that doesn’t often succeed, anyway.
The Sophos study revealed that 32% of affected parties paid the ransom to have their data restored. But in 65% of such cases, paying only got some of the content back. Only 8% received all of it.
Ransomware Remains a Threat
Ransomware is not going away. Instead, numerous statistics indicate it’s only getting worse. However, becoming familiar with a company’s vulnerabilities and committing to addressing them are sound practices for business leaders and cybersecurity experts to pursue. Doing those things doesn’t eliminate ransomware threats, but such actions greatly reduce the risks.
Devin Partida is an industrial tech writer and the Editor-in-Chief of ReHack.com, a digital magazine for all things technology, big data, cryptocurrency, and more. To read more from Devin, please check out the site.