Ransomware showed huge growth in 2016. In 2017, we can expect it to make up more than 50% of all cyber attacks. An organization that gets hit may face the choice of losing its files or paying a substantial sum to criminals.
In 2016, almost half the companies in the US suffered ransomware attacks. Total losses, counting both money paid and the effect of file damage, were around a billion dollars.
Ransomware is popular with criminals because that’s where the money is. People with no programming skills can buy a ransomware kit and launch attacks. New variants keep appearing, the number of attacks keeps growing, and there’s no reason to think the trend will slow down this year.
Experts predict ransomware attacks will become more targeted. Criminals will go after enterprises with money and demand more. Software will become easier to get and use, encouraging more small-timers to get in the game.
5-Point Ransomware Protection Checklist
All organizations are at risk, but with smart preparation, the damage can be contained. Here are 5 action items to help you prepare:
- Back up data. An offsite backup is safe from most attacks. If you keep it constantly up to date, then you can restore any files that the ransomware damaged. Keep it updated at least on an hourly basis to minimize the worst-case loss.
- Have an incident response plan. Ransomware notices are designed to panic users into hasty decisions. Having a plan in place lets you respond quickly but without excessive haste. The plan needs to cover assessing the damage, preventing its spread and finding a remedy. With some types of ransomware, you can recover your files even if you don’t have a backup.
- Make sure top management understands. When computers shut down and unknown criminals demand money, the company’s top management will want to know what’s going on and may have to make a policy decision. This requires them to understand in advance what ransomware is and all potential risks.
- Train employees. Most ransomware starts with a “phishing” email. Proper security habits will greatly reduce its chances of getting through. Employees should regard any dubious-looking message, including “official” ones, with caution and not click on its links or open its attachments.
- Take a comprehensive, multi-layered approach to security. Today’s threat landscape requires it. The defense needs to protect all endpoints and keep malware from jumping across network segments. It has to detect threats dynamically, rather than just matching files against known malware patterns. It must respond quickly and automatically to prevent major damage.
Our partner, Fortinet, offers an advanced threat protection (ATP) framework that provides the capabilities addressed in point five. Designed to cover the entire attack surface, it can detect and mitigate even previously unknown threats and share information across security components to allow for a swift, coordinated response. CCSI can deliver the advantages of the Fortinet ATP as part of an integrated, collaborative security fabric that connects discrete security solutions on one platform.