Ransomware is now so predominant it's actually making us take security seriously
'I don't have anything worth stealing' is no longer an excuse.
"The online hackers held us to ransom to get as much money as they could."
Mike Chartrand , a cold war vet , operating "A Laptop Shoppe", in Calgary, specializes in business continuity , reducing costly business down time.
Ransomware is an online threat. Unknowingly clicking on a seemingly normal attachment let's a stranger see all your documents, your family photos, or your company accounts, and encrypt them.A hacker than demands a financial bitcoin ransom to see your files again.
Ransomware has quickly become the most common threat on the internet, as hackers exploit personal and business files in an easy and low-risk way of making money.
This rise of ransomware has one unexpected positive side effect, Chartrand says " companies are now worried enough about being hit by it that they are improving their broader cybersecurity as a result".
Until now, most companies that didn't have a big online presence have tended to give cybersecurity a low priority, largely because they don't think they have much worth stealing.
But while a customer database or a set of invoices might have no resale value to a hacker if stolen, that data is of very real value to the company that needs access to it in order to stay in business. This means that ransomware can be a threat to nearly any business with online systems.
The Cyber Security Breaches Survey 2017 report, says: "The prevalence of ransomware in particular has heightened awareness and made cybersecurity a more urgent issue for a wider range of businesses... businesses in sectors that may not expect to be targeted are falling victim to costly ransomware attacks."
"Such attacks also highlight the inherent value of the data that businesses hold, beyond personal or financial data -- with attacks on any kind of data potentially stopping businesses from carrying out day-to-day work and putting relationships with customers at risk."
The survey quoted one executive who said that the rise of ransomware had made it easier to show senior managers the scale of the threat if multiple devices could be incapacitated, "and to move business attitudes away from the stereotype of bedroom hackers, to focus more on criminal activity".p
The report said: "The ransomware attack opened their eyes to the fact that their business was not immune from cyber-attacks."
Not everyone has got the message, of course, and the report does include the cautionary tale of two senior managers in "one large civil engineering firm" who thought they knew better than the IT department, which had warned staff not to map network drives to their local laptops to limit the potential impact of any malware.
"One department head and another senior manager had ignored this advice and had later inadvertently downloaded a ransomware virus to a local laptop with the mapped network drive. The attack was not aimed at getting any particular data, but was just done to extract money from the business. The mapping allowed the virus to spread across the whole server, rather than just being isolated to the single device."
The report quoted the company as saying of the crooks: "They were looking purely to hold us to ransom and get as much money as they could."
In this case the backup files were only restored after around one working week and the laptop had to be wiped and rebuilt from scratch. "Although no data was permanently lost, there was a loss in productivity, and this alerted the organisation's senior management to the need to have better systems in place, restricting direct access to network drives for staff who do not strictly need access," the report said.
Still, for all its impact, ransomware is not the most common online threat faced by business. According to the survey, the most common types of breaches are related to staff receiving fraudulent emails (72 percent), followed by viruses, spyware and malware (33 percent) people impersonating the organisation in emails or online (27 percent), and ransomware (17 percent).
Just under half of the businesses suffered one security breach in the last year, the report said, and four in ten of those said this lead to an outcome such as a temporary loss of files or network access (23 percent) or systems becoming corrupted (20 percent). Six in ten of those who identified breaches also said it adversely impacted their organisation, for example through being forced to implement new protective measures (38 percent) or having staff time taken up dealing with the breach (34 percent).
Among the 46 percent of businesses that detected breaches in the last 12 months, the survey finds that the average business faces costs of $3400 as a result of these breaches, rising to $29,000 for the average large firm.
For a closer look at your risk level call Mike Chartrand C.E.T.
Business continuity specialist in Calgary ,At 403-990-0362.