Ransomware Attacks Are on the Rise: Now What?

Article by Avatara’s President, Ben Scully, originally published in ReadWrite.

The past year has seen a significant rise in ransomware attacks. Why? For a couple of reasons, really. First, if a cybercriminal wants to launch an attack these days, they don’t need cutting-edge skills and software. Instead, they can strike a deal for what is now called cybercrime-as-a-service (CaaS), which allows hackers to offer their skills to anyone willing to pay. One CaaS “vendor” could potentially launch hundreds or even thousands of new cybercriminals. Needless to say, the likelihood of any given business getting attacked is exponentially higher each day. Second, increased vulnerability is just a part of the new normal created by the pandemic. Right now, 16% of companies are fully remote, and 62% of workers say they work remotely at least occasionally.
With more people working from home than ever, personal networks and devices are vulnerable — and cybercriminals are circling.
With this new normal upon us, it’s time for businesses to adjust.

Our Experience With Ransomware

It’s easy to hear cybercrime statistics and say, “It won’t happen to our company,” or “That’s an easy fix.” But we’ve seen it happen multiple times — and how disruptive one of these attacks can be for your entire company.

For example, a prospective customer had to come to us after experiencing a ransomware attack. The company suffered severe downtime, among other things, leading to drops in revenue and damage to the public profile. The source of the breach, the company’s previous IT provider, took the biggest hit. It had to pay a sizable ransom to recover stolen data; worse, it lost credibility with all its clients.

The lesson here? There’s always room for improvement.

Cybersecurity is an ever-evolving practice that requires a layered approach. 

I always recommend allocating at least 20% of your IT budget for security. Perhaps that’s why cloud infrastructure spending was up more than 13% year over year at the end of 2021. Securing your systems from intruders is a smart long-term investment and reputation saver — if committed to fully.

Stay Safe From a Breach

Given this reality, leaders need to be vigilant against ransomware attacks. But it’s often hard to know how to do that. Here are some recommendations executives should consider:

1. Secure your data in a private cloud. 

Protecting your data should be your main priority because that is exactly what cybercriminals will attempt to take for ransom. You should first ensure all your data resides exclusively within a private cloud system. You don’t want to use any third-party or public cloud data repositories, as they cannot be adequately secured.

A private cloud means you aren’t sharing resources with others. That said, it’s still flexible enough to mold itself to how you want to host and manage your data. Migrating to a private cloud system might also provide a good opportunity to rethink how you organize your infrastructure.

2. Use the right tools. 

A formidable ransomware protection plan is only as good as its tools. Be sure to only rely on the right ones. Leverage sophisticated automation, monitoring, and provisioning systems to guarantee consistency and compliance.

Make sure your solutions provide a few specific features. One is the ability to sort data from multiple scans. Another is the ability to create a plan of action and milestones to inform you of any vulnerable areas or compliance issues. Sound cloud systems offer such built-in tools, so don’t plan on reinventing the wheel with these fundamentals.

3. Train your staff well. 

You can have the best private cloud and tools possible, but if your vulnerabilities are with humans, it’s all for nothing. Therefore, you must require cybersecurity awareness training for every single employee.

What should that entail? Understanding basic phishing attacks and other breaching methods is a start.

You also need to provide continuous education to keep employees abreast of the latest cybersecurity concerns and what to watch out for. 

These lessons can be taught through meetings, weekly bulletins, and other methods.

4. Prioritize data access control. 

Be sure to have and enforce strict company policies about data access control. Keep things as locked down as possible, and hire a dedicated specialist to continually monitor any changes to data access.

That person should be working from a “zero trust” model, the most conservative and protective cybersecurity approach. It greatly reduces who can access which bits of data in your system, which is just what you want. Remember, the more people you grant access to your data, the more likely a data breach (and the ransom that follows) will happen.

Ransomware isn’t going away. Leaders who bury their heads in the sand about this issue are really just waiting for a costly attack to happen. 

Instead, be proactive. Invest in private cloud storage, advanced cybersecurity controls, staff education, and limited data access. Start there, and you can limit your business’s risk and protect its long-term value.