Making headlines left, right and centre, ransomware has been around for years. It has found its way into popular culture via TV shows such as The Good Wife or Mr Robot. We know about it. Your colleagues know about it. There's a good chance your neighbours or the next person you pass on the street know about it too.
And yet, 2016 seems to be the year of ransomware — and not in the sense of the enterprise beating it. Attacks have reached near epidemic numbers. According to one recent report by Datto, an unbelievable 91 per cent of businesses worldwide have been attacked by ransomware in the past 12 months.
Even the more moderate figures show that this is now a mainstream issue: in the UK, 58 per cent of IT directors have paid attackers to get corporate files back post a ransomware attack. This begs the question: is ransomware really the corporate epidemic of our time?
Seeking a cure
The numbers above certainly seem to suggest doom and gloom. Not to mention the warning bells that have been rung about cyber criminals who are increasingly using ransomware as their go-to approach. Just consider that 93 per cent of phishing emails now contain ransomware.
And yet — and to a fair few, and this may come as news — unlike many other infosecurity threats, there is an antidote for ransomware. This is not to downplay the real-life impact ransomware has on many businesses, or deny that cybercrime in general has become more frequent and sophisticated over recent years. But there are ways to combat this growing malware strain, and that is important.
It all goes back to the basics. At its core, ransomware is a fight for control over data. Criminals breach a network and implant ransomware, which runs quietly in the background, encrypting the data stored in a specific folder or even an entire hard drive. Then when the ransomware is activated, this data is locked down by the malicious party and the user is no longer able to access it. To get the decryption key, the user must pay. And pay they do — research shows that more than half of enterprise users pay ransomware attackers. It is a lucrative business, playing on businesses’ fear for losing precious data, time and, most importantly, reputation.
The solution? Fight fire with fire. CIOs and CISOs should ensure that all company data, including information stored on mobile devices, is encrypted. Not only that — it ought to be refreshed and backed up continuously, stored securely on a standalone server or in the cloud. This means that even if corporate data comes under attack, then an updated version exists elsewhere and can be easily recovered with minimal downtime.
Forewarned is forearmed
Having safeguards in place go a long way toward providing a contingency plan for businesses in the likely occasion of a ransomware attack. Data means business, so securing it should be your number one priority.
There are several ways to make sure enterprise users are as unhackable as possible. Password vaults keep sensitive corporate logins safe and sound, so corporate systems do not become vulnerable because of a thoughtless “hello123” by an employee. Secure VPNs for working off-site are another essential measure. Both are also tied to education: while employees often have a basic understanding of Internet security, this is quick to go out of the window in real-life situations. Comprehensive training, including compelling incentives that demonstrate how harmful cyber crime really is, is crucial here. Insider threats will still exist, but simple, user-friendly measures can go a long way in eliminating unwitting data breaches.
Picking up after an attack
While good corporate cyber housekeeping is important, there is an unpleasant truth to note: something will often slip through the net. Lose sight of the threatscape for a moment and another danger rears its ugly head — like the mythical beast Hydra.
So, a contingency plan is a must. As aforementioned, encryption and continuous backup that takes into consideration the whole array of corporate data, including that which is stored at the endpoint, goes a long way. Restoration of data can be done in no time, and without paying ransom to criminals. The second aspect is data forensics. If an organisation has been breached, it needs to identify the point of entry, the kind of data that was lost, and its sensitivity level. The good news is there are multiple solutions from external providers that can act as forensic tools in a company’s internal investigation.
With the right precautions, propped up by a general optimism towards corporate security, this can be the year when ransomware meets its match in the enterprise. It is time to laugh away the ransomware threat.
Nic Scott, Managing Director for UK & Ireland at Code42
Image source: Shutterstock/Nicescene