Try as they might, companies are often unprepared when it comes to the security of their IT infrastructure. While organizations have to do everything in their power to plug up every single vulnerability in their systems, hackers only have to find one to be successful in their attack. What's more, the wide variety of techniques cyber criminals have to choose from means that businesses just can't predict how they'll be hacked.
Out of all the different tools hackers have at their disposal, few are as frightening as ransomware. This specific type of infection gathers all of your data and encrypts it, forcing you to pay a large sum of money in order to access it again. While such an attack is bad enough for a single individual, advancements have allowed this ransomware to spread to throughout a network, threatening the livelihood of entire companies.
On top of that, ransomware attacks are becoming increasingly more common. CNN reported that the FBI had around 2,500 reports of ransomware infections in 2015, and that only counts the people willing to actually step forward rather than sweep such an incident under the rug, which is sadly what a lot of companies do in order to save face.
Although this form of malware is dangerous and can take a serious bite out of a companies profits, the risk of an infection can be lowered if administrators are willing to put in a solid amount of preparation.
Organizations think they're more prepared than they are
Unfortunately, a major problem surrounding this type of infection is the fact that a lot of institutions believe themselves to be more in control of their cyber security than they actually are. A Trend Micro survey surrounding multiple topics found that only 6 percent of health care institutions believed they weren't ready to handle a case of online extortion.
The problem with this is that medical organizations have time and again been proven to be extremely open to attacks, especially from ransomware infections. There is a laundry list of hospitals and other health care providers that have been subject to these hacks in the past year alone, and it would appear this trend is getting worse all the time.
Trend Micro's Christopher Budd made the astute observation that a lot of this can be boiled down to how many organizations treat their cyber security. He references a "set it and forget it" attitude toward security concerning email and web threats, which is where a vast majority of ransomware attacks originate. This means that systems set up years prior that may have been the top of the line at the time are most likely outdated now, and are therefore easy for hackers to avoid entirely.
Any industry can fall victim
Another issue affecting enterprise IT right now is the fact that certain industries believe themselves to be safer than others. One sector may look at the ransomware problems hitting health care organizations and think that this means their business will be saved – but nothing could be further from the truth. Hackers are after one thing: money. If they can get it from you, they don't really care what you sell or what service you provide.
If you need proof of this, simply take a look at the recent attack on The Circle Sport – Levine Family Racing's system. This NASCAR collective had a test computer that contained a lot of important data about past vehicle performance. Getting ready for a race without this information would be impossible, which put them directly in the sights of a malicious cyber criminal. CSLFR's computer became a victim of a hacker's ransomware scheme, having all of its data encrypted and completely out of reach of the racing team.
"The data that they were threatening to take from us was priceless, we couldn't go one day without it greatly impacting the team's future success," said Dave Winston, crew chief for CSLFR. "This was a completely foreign experience for all of us, and we had no idea what to do. What we did know was that if we didn't get the files back, we would lose years' worth of work, millions of dollars."
While hackers certainly have their favorite industries to target, stepping out of their comfort zone can actually be extremely advantageous. A NASCAR team would never expect to be hit by ransomware, and would therefore have no idea how to handle an infection. CSLFR ended up paying the ransom to get their data back, which is something a lot of technologically uninformed organizations do when they're hit with an attack they've never seen before.
What can you do to prepare?
Although a lot of organizations believe themselves to be more prepared than they truly are, there are a few things they can do to actually beef up their security. First and foremost, employees need to know that ransomware very often comes from either disreputable websites or phishing email campaigns. Workers need to know that they are the first line of defense against these kinds of attacks, and that their actions have a direct effect on the digital health of your company.
After this, business administrators need to invest in a backup routine. The whole point of a ransomware attack is that you have to pay money in order to access your most important information. However, if you have this data stored in a separate location, such an infection really isn't that big of a deal. Wiping this malware from a computer or network is going to take a lot of effort and time, but having backup copies of your data means you won't have to cave into a hackers demands.
Many companies need to accept the fact that they simply aren't as safe as they thinkg they are. Anyone from NASCAR racers to CEOs can be hit by a ransomware attack. So regardless of your company's industry, you need to be ready.