This year cybercriminals have set their sights on organizations of every size, using methods that range from riding the software supply chains of SolarWinds and Kaseya to hitting large and small victims directly, including Colonial Pipeline, JBS Foods, schools and towns. Ransomware attacks are up 151% this year, according to SonicWall's Mid-Year Threat Report, and the trend suggests the attacks are not likely to stop.
The impacts are significant, including the loss of revenue, reputation damages, and unplanned workforce reductions, as well as the potential for unrecoverable data loss.
According to a recent Cybereason report, "Ransomware: The True Cost to Business," global ransomware damages are projected to reach $20 billion this year. The average payout per organization rose from $6,000 in 2018 to $178,000 in 2020. Worse, 80% of organizations that paid a ransom were hit by a second attack within weeks of the first, and almost half were hit by the same threat group. Paying does not make the attacker go away; it tells them you will pay.
The one constant has been that cybercriminals keep changing their tactics. They have launched direct attacks on large companies that can afford sizeable ransoms, and they have reached smaller organizations through so-called "supply chain" tactics, piggybacking on a technology provider (a software vendor, an IT management tool or a managed service provider) to gain access to the IT infrastructure of every customer downstream. Cybercriminals learn from each attack and creatively determine their next approach.
Organizations must learn from these experiences in order to protect their business. Some of the lessons relate to technology, but many are simply the best practices that will help keep your business safe and sustain operations during and after a cyber-attack.
Train Employees on Cyber Safety
Ben Franklin coined the phrase, "An ounce of prevention is worth a pound of cure." This axiom absolutely applies to ransomware and cybersecurity in general. Your exposure to a cyber-attack is significantly reduced if employees know how to detect and react to suspicious emails, understand why stronger password practices matter, and use your organization's workstations, laptops and any other network-connected device properly.
This is the simplest lesson to implement, and it reduces the human errors that give cybercriminals the opening they need to get into your network. During security audits, we find that employees have put passwords on sticky notes attached to their monitors, left server rooms unlocked, or allowed staff to connect to the network with unauthorized devices. Practices that look innocent may be exactly the opening an attacker needs. Keep in mind that not every cybercriminal operates from a foreign country or belongs to a crime network like REvil, the group behind the Kaseya Independence Day attack; a visitor, contractor or disgruntled employee who walks past an unlocked server room or a password on a monitor is a threat too.
Work with your Managed Service Provider (MSP), technology providers or cyber insurance carrier to find good training materials and, if necessary, develop customized training for your organization. Key areas to cover are how employees can identify phishing and other cyber-attacks, safe web browsing, data security practices, and your organization's password, device management and incident response policies, including how and to whom an employee should report something suspicious.
NOTE: This is part of a series of blogs on "Ransomware 2021: Lessons Learned" that we will be posting on our website. For more information on cybersecurity training options, or to have Flagship conduct one of our security assessments, please complete the form below.