Although ransomware attacks continue to increase, many organizations still don’t believe that it could happen to them or that they should do anything to prepare for such an attack. As IT Service Providers, MicroAge has cybersecurity discussions with clients everyday and we hear various reasons why organizations believe what they believe.
In today’s article we will look at some of the most common erroneous beliefs about ransomware and why they could be detrimental to an organization’s cybersecurity strategy.
1. We are too small
We hear this refrain often in our conversations with organizations. Whether it’s because the ransomware attacks we hear about in the news are on larger enterprises or the organizations truly believe that they don’t have any data that cybercriminals would be interested in, this belief is a dangerous one.
Consider the following, according to Verizon’s 2022 Data Breach Investigations Report, ransomware attacks have increased by 13% which is an increase greater than the last five years combined. The report also indicates that ransomware leads the way in terms of breach methods against SMBs and is responsible for 80% of the breaches.
So why do threat actors go after SMBs? There are two main reasons:
- Typically, SMBs have less resources and less budget to put in place the controls and protection that are needed to reduce the risks of ransomware attacks. This makes SMBs an easier target for threat actors.
- The myth SMBs continue to believe, is that they don’t have anything worth stealing. When they look through their emails and data, they often find sensitive or confidential information just waiting to be stolen. Things like employee banking information … or maybe, partner banking information. Agreements that have been emailed back and forth containing confidential details such as pricing or intellectual property information. Often, the SMB is not the final target, but they do have information that may lead to bigger targets because they are part of the supply chain for the larger organizations.
The bottom line is, SMBs are not immune from ransomware attacks. Organizations of all sizes and from all industries are targets. No organization can afford to underestimate the risk.
2. It will happen and there is nothing we can do about it
In our conversations about cybersecurity, we often say that it’s not “if”, an attack will occur but “when” it will occur because, truthfully, there are no guarantees, even with good cybersecurity controls and protection. However, that does not mean that organizations don’t have options to reduce their risks. The idea is to put in place the protection that will reduce the likelihood of being attacked and ensuring that important or critical data is protected should an attack be successful. Here are a few things organizations can do to defend themselves and protect their data.
The most common way ransomware is propagated within an organization is through tricking users to click on a link that downloads a file enabling malware, commonly known as phishing. The best way to defend against this, is a combination of endpoint protection and cybersecurity awareness training. Endpoint detection and response or EDR solutions can stop malicious emails before they get to the end user. Be aware that traditional antivirus without the EDR capability should be considered dangerous and obsolete. Cybersecurity awareness and training for all users helps them to identify potentially malicious emails. The combination of these two lines of defense helps to proactively protect against ransomware attacks.
The ransomware business model thrives on data. Data drives businesses today and losing data or losing access to data can have serious repercussions. This is why ransomware is so successful. Businesses need to ensure they protect their data and make sure that the data is backed up so it is accessible in the worst case scenario.
3. We have backups, we are fine
As we mentioned above, having backups of data is crucial to any sound cybersecurity strategy. But backups need to be maintained and monitored to ensure that the data is indeed being backed up properly and can be restored when the need arises. Organizations need to determine the cadence of their backups which is dependent on the type of data that is being backed up and how quickly it needs to be accessed. In addition, organizations need to ensure that at least one of the backups is immutable (can’t be changed or is inaccessible to threat actors). All of this is to ensure that the data is accessible when needed and that downtime is reduced to what the organization has determined to be an acceptable time period. If your business gets hit with an attack, you can and should expect some downtime.
It is not enough for businesses to say that they have backups, they truly need a well thought out disaster recovery plan as well as a business continuity strategy that will help them get back on their feet as quickly as possible.
Ransomware is not going away anytime soon. With the right cybersecurity solutions and services in place and a partner like MicroAge to help put them in place, organizations can reduce the risks of a ransomware attack. Call us today to see how we can help you.