Ransomware: An emerging cyber risk the middle market must prepare for
Recent ransomware incidents have made global headlines, with a wave of unprecedented attacks infecting companies worldwide. While many middle market companies assume they are not a target for cyberattacks and are too small to interest hackers, the opposite is actually true. The ransomware threat, in particular, is very real, and risks are more prevalent for smaller companies than larger organizations because of differences in the depth of resources and education.
Ransomware typically spreads through extensive email campaigns sent by a hacker, and does not target a specific business. If a user clicks on a link or attachment, a malware program launches and locks the computer’s screen with a message stating that files have been encrypted. That message also presents a ransom note, detailing the amount necessary (typically via bitcoin) to unlock files before they are permanently destroyed. This amount often increases over time, for example doubling after three days.
Ransomware has become the most widespread security threat facing middle market companies, growing exponentially due to its simplicity of execution and its potential to collect large ransoms from victims. While traditional hacking is difficult, ransomware kits can be inexpensively purchased on the black market and require no technical skills. With large attacks launched indiscriminately, victims come directly to the attacker, rather than the hacker having to seek out targets, infiltrate systems, and locate and sell data.
Traditional hacking is often perceived as targeting large companies, but ransomware turns that structure on its head. Since ransomware is not a targeted crime, smaller companies are more vulnerable to attacks, because they typically have less sophisticated incident response, security awareness and system patching processes in place.
While the threat is very real, middle market companies can easily implement four key defenses to protect critical systems and files, and effectively counter ransomware threats.
Simply speaking, an educated staff is your best defense. A custom security awareness program helps your employees understand ransomware risks, what to look for and how to respond. The program should be continuous and updated to include new threats, tested with regular social engineering exercises, and engaging enough to help ensure widespread user adoption.
The next line of defense against ransomware is to prevent infection, should a user click on a malicious link. Symantec data recently found that 75 percent of breaches leverage exploits where a patch is available, and 78 percent of scanned websites exhibited known vulnerabilities.
Therefore, your organization should develop a comprehensive inventory of systems and applications in your environment, as well as a program to identify, prioritize and apply patches to software. Be sure to consider applications such as Microsoft Office, Flash and Java in addition to operating systems and antivirus programs.
Unfortunately, hackers and their methods are becoming increasingly sophisticated, and harmful emails and websites can look very legitimate. You must be prepared with robust data backup programs to address a ransomware attack if it happens to you. A comprehensive program includes data mapping to identify what data you hold and where it resides, backups that are complete and kept offline from the network, and comprehensive, regular testing protocols to ensure the data can be restored.
Incident response planning
Decisions on whether to pay a ransom and how to respond should not be made in the middle of a crisis. Accordingly, an incident response plan and team must be established. The team should include a law firm, digital forensics professionals and public relations resources. Your plan should be tested and updated on a regular basis through tabletop exercises.
In addition, your organization should proactively decide on a stance toward paying ransom. Many middle market companies are setting up a bitcoin wallet in advance, as a precaution. Establishing a bitcoin account can take up to a week, and internal protocols can extend that timeline, creating a delay that could result in increased ransom or the outright loss of critical files.
Despite ransomware's explosive growth, many organizations may not fully understand the potential for infections within their systems. However, while middle market organizations are at an increased risk for these attacks, implementing proven defense measures can help them increase awareness, prevent attacks and respond effectively to potential incidents.