Jay Ralph, Managed Cloud Global Lead at SoftwareONE, explains how SMBs can protect themselves against ransomware criminals
In recent months, there’s been a slew of high-profile ransomware attacks. From hackers compromising IT management software supplier Kaseya, to the long-running cyber-attack on the Irish health service, we’ve all seen the devastation that hackers can cause.
The Irish attack in particular has been described as “catastrophic”, with appointments in some areas of the health system plummeting by 80 per cent. This has led organisations of all sizes and in all sectors to think about what they would do if they were a victim of an attack.
If something as large and sophisticated as the Irish health service can be so badly impacted, all companies need to re-evaluate their own ransomware protections – especially small to medium-sized businesses (SMBs). Industry statistics estimate that almost half of SMBs have been victims of ransomware and the impact can be devastating.
It takes 287 days for SMBs to recover from the average ransomware incident, with the average cost of downtime totalling more than £102,000. With the stakes so high, it’s critical that SMBs improve their security measures to fend off hackers. However, to successfully develop robust protections against ransomware attacks, organisations first need to know the full extent of what they’re protecting themselves against.
Why are they at risk?
Ransomware attackers see SMBs as an ideal target because they are unlikely to have defences as sophisticated as those of larger businesses, but still have the capital to be worth the risk. Ultimately, it works for cyber criminals to attack small businesses and get smaller but frequent sums of money, whereas larger enterprises are reluctant to pay huge ransoms.
SMBs also are less likely to use traditional, on-premises infrastructures, instead operating hyperscale and multi-cloud environments. This expands their digital footprint and can mean ransomware spreads quicker throughout their IT infrastructure, putting them at greater risk of suffering major data loss and paying a ransom. Malicious actors use the following methods to successfully attack SMBs:
- Social Engineering – Hackers prey on end-users’ trust and emotions. They require users to take an action, like clicking a link, which sets the ransomware process in motion. An email could seemingly come from your boss sending you an employee appreciation gift card or could feature a dangerous attachment posing as an invoice from a client.
- Executable Ransomware – When an end-user downloads an attachment or clicks a link, this triggers the malicious code to write a file to the disk. The user has now downloaded and installed ransomware, which executes once installed. From there, the ransomware spreads rapidly across your network and will execute on the malicious actor’s cue.
- Fileless Attacks – When the end-user clicks on the link or document, they download the ransomware code. However, they do not need to install the ransomware for it to execute and impact their device. The code can hide inside legitimate applications, like Microsoft Word, which means that any web-based application, storage location, or database is at risk. Fileless ransomware leaves little evidence as it doesn’t save anything on a device, which makes it difficult to find and remove.
Normally, attacks happen at night or at a weekend. This puts strain on small IT teams, who must then work out-of-hours to carry out root cause analysis; communicate with key stakeholders on how the attack happened, its severity and impact on the business, when it can be fixed and whether to pay the ransom; and, finally, restore the affected data so that the business can get up and running.
While protecting against ransomware might seem like a difficult task for SMBs, creating a proactive, defence-in-depth approach can mitigate the likelihood and organisational impact of a ransomware attack.
How to build a defence
Understanding the vulnerabilities in their security strategy can help SMBs take a proactive approach to mitigate data breach risk. Here are four steps they can take to protect their business against ransomware:
- Start with Cybersecurity Awareness – Making employees aware of risks can help stop a ransomware attack ever occurring. SMBs should look at training programs that offer baseline testing, to get a sense of what employees currently understand about cybersecurity, and appropriate reporting, to measure the effectiveness of the training. They should use interactive and engaging content, incorporate gamification, and automate simulated phishing attacks to ensure users retain what they learn.
- Establish End-Point Antivirus Protection – Antivirus software has evolved to predict new malware signatures and it’s critical for SMBs to install antivirus on all endpoints, including servers. When purchasing antivirus software, look for: Endpoint Detection and Response Solutions that use AI or machine learning to predict new ransomware variants; the size of the signature database used by an analytics engine and how often it’s updated; the tool’s ability to quarantine and remove malicious code.
- Engage in Penetration Testing – SMBs should schedule regular vulnerability assessments and penetration tests. Malicious code generally needs to engage in a pattern of behaviour as part of a ransomware attack, so it’s important that SMBs test for these attack patterns and ensure their security controls’ effectiveness.
- Create a Regular Backup Plan – Many SMBs assume that if they have Microsoft 365, their systems are backed up, which is incorrect. Organisations must set up appropriate backup and recovery procedures to prevent lost income and data from ransomware attacks. This can either be done in-house or through a partner. The ideal partner can automatically detect, compress, and duplicate data across your IT infrastructure, consolidate backup solutions to lower costs and maintain compliance with organisational backup policies and security controls. They will also be able to restore data in the event of an attack, meaning the victim organisation can concentrate on root cause analysis and communicating with key business stakeholders.
Ransomware will continue to plague businesses for as long as cyber-criminals can make money through it. Any organisation of any size could be a victim, and SMBs are as lucrative a target as ever. As a result, putting security processes in place and testing their effectiveness is key to mitigating the risk of an attack and reducing the impact on your organisation if one ever takes place.
Jay Ralph, Managed Cloud Global Lead at SoftwareONE