Ransomware is a risk that too many businesses still ignore or underestimate despite the frequency and impact of attacks. Thanks to the increasing sophistication of cybercriminals, these days your employees are your biggest threat in a ransomware attack.
Security standards such as firewalls and antivirus software will not protect you from ransomware attacks via phishing emails or social engineering scams. Untrained employees clicking on fake emails or providing their login information or other sensitive business data can leave you vulnerable to a raft of damaging ransomware attacks.
What Is Ransomware
Ransomware is a type of malicious software that cybercriminals use to prevent access to your systems or computer files unless you pay a fee, often in the form of untraceable cryptocurrencies such as Bitcoin. It requires minimal technical expertise, is low cost and can result in significant financial harm and severe reputational damage.
Recovering from ransomware is almost impossible without comprehensive backups, which is why taking steps to protect yourself is so important.
Increasing Sophistication of Ransomware
Modern cybercriminals can be incredibly clever, crafting fake emails that look legitimate. Whether it’s a genuine-looking message from a bank advising your account is overdrawn, a major brand asking you to reset your password, or even a delivery company asking you to confirm delivery information, the email can look the same as the real thing, down to logos, names and signatures.
If the email recipient isn’t paying attention to details or is naïve or untrained in basic cyber safety, they will click on the link and action the request. Firewalls won’t recognise the phishing email as a threat, and antivirus software won’t be able to protect your systems.
More worryingly, a ‘spear phishing’ (targeted phishing) attack can make employees, and your business, even more vulnerable. In spear phishing, a hacker researches a specific employee and then tailors the message to them so that it looks genuine.
For instance, an employee may receive an email from what appears to be a payroll or HR employee, requesting they verify account information. Or it could be a fake message from the business owner or director, with a copied domain and signature.
Cost of Ransomware
According to CrowdStrike chief technology officer Michael Sentonas, the nature of ransomware attacks has changed in recent years.
“The days of paying a few hundred dollars to get your documents back have long gone,” he said. “The average cost has grown significantly. I’ve seen examples of attacks with demands of $US5 million, and people are paying it.”
Sophos recently released its global survey, ‘The State of Ransomware 2021’, which reveals that the average cost of recovery from a ransomware attack for an Australian or Asia-Pacific business has more than doubled in a year, increasing by more than $1 million, to a staggering $2.3 million in 2021.
Educate Your Staff about Cybersecurity
Alongside best-practice ransomware protections, employee education is your best defence.
Implement thorough and regular employee training to ensure your employees are ‘cyber smart’ and aware of what a phishing attack may look like. Obvious signs are poor grammar, incorrect spelling, and threatening language. More sophisticated attacks use techniques such as sending an unpaid invoice, which an unsuspecting employee may be more likely to open.
Test Your Systems and Employees
Regular testing and training for staff have proved to help beef up cybersecurity for businesses, with many companies seeing dramatic improvements in as little as three months.
Continued training and phishing simulation emails help keep staff alert and on their toes when it comes to recognising scam emails.
Stay Informed
The best defence is a strong offence when it comes to protecting your business from ransomware attacks. As well as implementing best-practice cyber security and employee education programs, keep up to date with the latest cyber security news and practices and understand how to identify and respond to a ransomware attack if the worst were to happen.
Seek Expert Assistance
If your business lacks the skills or resources to effectively manage your cyber security and educate your employees, Surety IT can help you create a cyber security strategy, implement effective systems and procedures, and conduct employee education programs to help protect your business.
Contact Surety IT today to discuss how we can help protect your business from ransomware and other cyber security threats.