The global pandemic has not only meant total disruption of how we live and work, but it has also brought along with it a huge surge in cyberattacks.
Watch a short video: https://youtu.be/ImG_VqfoxiE
2020 was a particularly dangerous year, with increases in all types of cybercrime, including ransomware. Ransomware grew 72% during the pandemic, with mobile vulnerabilities increasing by 50%.
Remote computer support calls in Tipton and throughout the U.S. were impacted by this cybercrime increase, which included everything from stolen login credentials to identity theft to complete loss of data.
Ransomware is a particularly expensive form of malware due to the extensive downtime it causes. It’s designed to quickly spread from one device to another, and it’s not long before an entire organization is at a standstill because they can’t access data that’s been encrypted.
How Ransomware Typically Works
- A device is infected through a phishing email, a malicious site, or in another way
- All data is encrypted, making it impossible for the user to read
- Infected computers show a ransom message demanding payment to return data access
- Users either have to rely on a backup, or if they don’t have one, pay to get their data back
How Much Does Ransomware Cost?
The average cost to remediate a ransomware attack in the U.S. is:
- 100-1,000 employees: $505,827
- 1,000-5,000 employees: $981,140
These costs include things like:
- Downtime
- People time/loss of productivity
- Device cost
- Network cost
- Lost opportunities/lost sales
- Ransom payment (which can vary)
Ways to Protect Your Network from Ransomware
Protecting your business network from a ransomware attack takes a layered approach, which includes the ability to recover quickly as well as cybersecurity measures to keep ransomware from infecting devices on your network.
Employee Security Awareness Training
Phishing emails are the main delivery method for ransomware and other types of malware. These are directed at your employees, putting them on the front line of your security.
Conducting ongoing employee security awareness training can help employees identify phishing more easily and avoid infecting their device with ransomware or another type of malware.
Email Spam & Phishing Filtering
A good email spam filter can significantly reduce the number of dangerous emails that make it into employee inboxes. Filters are designed to catch both spam and phishing attacks and to quarantine those messages instead of delivering them to the user.
DNS Filtering
Links to malicious sites have become the norm in phishing and other online social engineering attacks. Someone sends a link in a direct message or email, and a user isn’t usually as suspicious of it as they are of a file attachment.
According to Google, over 2 million new phishing sites were created in 2020.
DNS filtering checks URLs against known malicious sites. If danger is detected, the filter directs the user to a warning page rather than to the site. This can prevent a ransomware infection even after a user clicks a dangerous link.
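The lookup-time decision described above, as an added example that is not part of the original article. The blocklist entries, the warning-page address, and the function names are constructed placeholders, and the upstream answer is passed in rather than resolved so the code runs offline.

```python
from urllib.parse import urlsplit

# Constructed sample data: the domains and the warning-page address are
# placeholders (reserved .example names, RFC 5737 documentation IP).
BLOCKLIST = {"login-update.example", "cdn.badfiles.example"}
WARNING_PAGE_IP = "192.0.2.1"


def normalize(host):
    """Lower-case, drop the trailing root dot, and convert to IDNA ASCII form."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # malformed names are left as-is; they simply won't match


def blocked_by(host, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers host, or None.

    A listed domain also covers its subdomains, so every parent suffix is
    tested label by label: a.b.site.example -> b.site.example -> site.example.
    Matching whole labels keeps "notlogin-update.example" from matching
    the entry "login-update.example".
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def filter_lookup(url, upstream_answer):
    """Decide what the resolver hands back for the host in a clicked URL."""
    # urlsplit().hostname strips the port and any user@ prefix, so the
    # decision is made on the name that would actually be resolved.
    host = urlsplit(url).hostname or ""
    rule = blocked_by(host)
    if rule:
        return {"host": host, "action": "block", "rule": rule,
                "answer": WARNING_PAGE_IP}
    return {"host": host, "action": "allow", "rule": None,
            "answer": upstream_answer}
```

Because the decision is made on the hostname alone, a filter of this kind cannot distinguish a safe page from a harmful one on the same domain.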
Strong Anti-Malware Protection
To protect against the current types of ransomware and other online threats, you should be using antivirus/anti-malware protection that uses AI and behavioral recognition.
Many ransomware threats come from zero-day exploits, which means they’re so new that they haven’t been cataloged in a threat database yet. AI-powered anti-malware is able to catch these by looking for suspicious code behaviors and shutting them down.
Use Multi-Factor Authentication on All Accounts
Credential theft has been on the rise, and once a hacker gets into a cloud account, they can easily inject file storage systems with ransomware. It’s important to use strong passwords and ensure all accounts use multi-factor authentication (MFA).
Even with the password, a hacker often can’t breach an account with MFA enabled, because they’re unable to receive the MFA code that’s required to gain access.
Protect Mobile Devices
Mobile devices now make up a majority of the endpoints on a company network. They do as much as 80% of the workload now but are often left less protected than a computer.
A smartphone that is infected with ransomware can just as easily infect an entire network as an infected server.
Some of the protections to put in place for mobile devices include:
- Installing mobile anti-malware
- Using an endpoint device manager to keep devices updated and monitored for threats
- Downloading apps only from legitimate app marketplaces (Apple, Google, Microsoft)
Keep All Your Data Backed Up
Having a complete copy of your data that can be restored makes a huge difference in the speed of recovery, whether or not you have to pay a ransom, and the overall cost of a ransomware attack.
Make sure you continuously back up all your data, both device and cloud, so you’re protected should an infection happen.
Schedule a Cybersecurity Assessment with Magnify247.com
Often, businesses don’t realize they have a cybersecurity vulnerability until it’s too late. Make sure you’re protected by scheduling a cybersecurity assessment. We’ll review your current strategy and let you know of any weak spots.