Ransomware: Is your business protected from the biggest online threat?
Ransomware is recognised by cybersecurity experts as by far the biggest threat to any organisation with an online presence. However, until it happens to them, many business owners or managers don’t fully appreciate the damage that ransomware attacks can do. This type of attack is a growing threat as a new generation of cybercriminals have access to technology which is easy and cheap to buy on the dark web. Read on for our view on the risks this threat creates, and what you can do to protect your business.
Ransomware is encryption of an organisation’s files by cyber criminals who demand money in exchange for providing access to them. Because organisations don’t want to publicise the fact that they have been victims of a ransomware attack, or reveal when ransoms are paid, it’s difficult to get a 100% accurate figure for how many attacks there are and how much it is costing businesses or public sector organisations. However, the best available research suggests a global figure in the region of one billion US dollars was paid out in 2023. This is widely believed to be a record-breaking year for ransomware payouts.
Ransomware is widely recognised as the biggest cybersecurity threat for any organisation
Paying up won’t make the problem go away
There is still a common misconception that paying a ransom can solve the problem if there is an attack. However, it’s not that simple because….
· In most jurisdictions paying a ransom to criminals would be illegal and regarded as a serious breach of anti-money laundering laws. In the UK there is a regulatory requirement to report ransomware attacks to the Information Commissioner’s Office (ICO);
· Once a business has shown that it’s willing to pay, it may just encourage the criminals to demand even more money;
· Even if a ransom is paid and criminals restore access, there’s still a risk that they have created a backdoor to access your systems with a view to making more demands in the future;
· Really sophisticated criminals could use the knowledge that a ransom has been paid and laws have been broken to blackmail a business by threatening to reveal this information to the public.
A growing threat
According to recent research, so called ‘junk gun’ ransomware variants are making it easier for criminals to use cheaper, off the shelf ‘solutions’. As in many walks of life, cost is a driving force – it’s the same with this new wave of ransomware because these variants are about one third of the cost compared to what was previously available. It’s easier and cheaper than ever before to carry out these attacks, and very difficult for law enforcement agencies to track down the culprits who may be based in countries which are beyond their reach.
Prevention is better than cure
When ransomware attacks are measured in terms of the financial impact, time and resources, plus the effect on customers and brand image, investing in a cybersecurity solution which protects against this and other threats is always the most cost-effective option.
It’s true that in the event of a ransomware attack there are sometimes ways that IT specialists can recover encrypted data so that a ransom doesn’t have to be paid. But prevention is always the best option because the damage caused if an attack does succeed can be devastating and irreparable.
Our Solution
For most businesses, air-gap systems can be the backbone of a solution which provides a high standard of ransomware protection. This essentially means isolating a network so that there is a physical separation of mission-critical data and points of access which can be exploited by cybercriminals. It also protects against accidental human errors within a business that pose a risk too. However, there is a wide variation in the quality and effectiveness of air-gap based solutions – and every business has its own unique systems and requirements. That’s why we choose to offer customised solutions rather than a ‘one size fits all’ off the shelf product.
Summing up
The threat of ransomware is growing, and any business here on the Island which has an online presence is at risk. But it’s not all doom and gloom because the IT industry is responding with new and better solutions to meet this challenge.
Businesses that haven’t been hit by a ransomware attack may think there’s no need to review whether their current cybersecurity solutions are able to offer protection against a new wave of threats, so they may think there’s no need to invest in an upgrade. But this is false economy which can have devastating consequences. In this sense, as in many other aspects of business, complacency is perhaps the biggest risk of all.
