Ransomware: A Growing Industry
For enterprises, one worrying trend is the resurgence of ransomware, which returned in full force in the first quarter of 2015. As the name suggests, ransomware takes corporate or personal data hostage, demanding payment from victim to gain back access to data supposedly stored or saved on their own devices. In most cases, data is still present on user devices, but encrypted so that access is impossible without the key. The ransomware maker will only provide decryption keys when paid.
Once your system has been breached, the damage is done, and you can only hope that your data was not also stolen in the process. Being able to restore data from a recent backup is one possible solution. But without that, you’re at the mercy of the attacker.
According to the US Federal Bureau of Investigation, ransomware is set to be a US$ 1 billion industry this year, with attackers collecting from both corporate and individual victims. India currently ranks as fifth most-attacked country, with ransomware targeting government services, financial institutions and even private users. A recent study published by the Herjavec Group estimates global spending on ransomware prevention to be a $1 tillion dollar industry over the next five years.
How to Protect Your Digital Assets
The best defense against ransomware is to prevent malicious hackers from ever breaching your system. For a typical organization, this will involve implementing security solutions and establishing protocols that users will need to work within.
Keep operating systems, security software and services up-to-date. Most malicious hackers take advantage of so-called zero-day vulnerabilities, which means security issues that have yet to be patched by the systems provider or developer. Meanwhile, old, unpatched or unsupported software and applications are also at risk of being easily breached by attackers. The best defense here is to maintain up-to-date systems. In the case of cloud services, your provider should manage the infrastructure for you, although it will still be your responsibility to keep any applications under your purview up-to-date.
Secure network traffic. Attackers often sniff or intercept network traffic in order to steal encryption keys and even clear-text information. You will need to deploy application firewalls and other measures in order to make sure that all traffic passing through is legitimate.
Ensure proper employee training. Human involvement can sometimes be the weakest link in digital security. When protecting against malware and ransomware attacks, you will need to educate people within your organization on the proper way to handle networks and digital assets. For instance, they should be wary against clicking links on emails, giving out information or disclosing details about the organization. In addition, employees should be warned against indiscriminately accessing websites or services, as these could somehow result in trackers, spyware or other malware being inadvertently installed on their devices, which can find its way to the network.
Make regular backups. Lastly, you should make it a habit to make backups of data, whether through local external mediums or cloud backups. This way, you can simply restore from a backup if you find your data encrypted by ransomware.
The Takeaway
When your system has been breached, it’s usually too late — this means you will need to chase hackers and their work after-the-fact. For businesses that require 100 percent uptime and which promise customer privacy, having your data stolen or encrypted by a malicious entity is simply unacceptable.
Dealing against ransomware will require a mix of hardening one’s infrastructure, training employees, keeping your software and services up-to-date, as well as regularly maintaining backups to ensure business continuity and disaster recovery. While attackers can still attempt to steal your data or lock it in, having these preventive safeguards will make it more difficult to do so.
Rather than paying a heavy ransom to get back control over your data, preventing such breaches in the first place will help give you peace of mind.
