Why Does My Company Need to Defend Against Ransomware?
Modern ransomware first entered the scene as a serious and categorical threat in May 2017. Since then, the new category has been an incredible money-maker for threat actors and multiple variations have been iterating non stop ever since.
Chief Information Security Officers (CISOs) and security teams across the globe have focused their efforts on detecting and deterring these destructive attacks.
One trend, however, appears to be certain: Ransomware is here to stay, and both the virulence and velocity of these attacks are on the rise.
Businesses both large and small have been seriously impacted by this trend. A recent industry report* mentioned the following:
- 66% of organizations lost revenue following a ransomware attack.
- 35% of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7 percent paid ransoms exceeding $1.4 million.
- 53% of organizations’ brand and reputation were damaged in a successful attack.
- 32% of organizations lost C-Level talent as a direct result of ransomware attacks.
- 29% laid off employees due to financial pressures following a ransomware attack.
- 26% of organizations were forced to close down operations entirely following a ransomware attack.
(Cybereason Report, Ransomware, the True Cost to Business)
Business leaders and technical teams everywhere have stepped up their attempts to both detect and deter these destructive attacks, however new incidents continue to occur at an alarming rate.
Why is Ransomware on the Rise?
Like a “perfect storm”, there are several forces coming together that are fueling the Ransomware problem. These include:
Increasing popularity and adoption of Bitcoin – Bitcoin has been a significant factor in the rise in ransomware attacks. The lack of oversight by any governing body coupled with quasi-anonymity makes it an ideal currency to facilitate ransomware demands.
- Ransomware-as-a-Service Business Model – The evolution of ransomware-as-a-service (RaaS) has played a key role in Ransomware attack proliferation. RaaS has moved the execution of a ransomware attack from “professional” to “script-kiddie”, allowing non-sophisticated service buyers to rent the resources needed to execute a highly complex attack. The business model has become a sophisticated eco-system of criminal gangs and partnerships between developers, money-collectors, stolen credential sellers, platform-providers, information harvesters, and others.
- Rapid Shift to Remote Work due to Covid – Soon after the Covid Pandemic began, businesses were reactively forced to shift millions of in-office positions to remote employee access.This not only increased the attack surface for remote attacks, but the speed in which remote workers were setup undoubtedly exposed security weaknesses and configuration oversights that were able to provide attackers fertile grounds for exploitation.
- Social Engineering Sophistication – Another reason that ransomware continues to proliferate, despite well-known attack vectors such as e-mail, is that users have not been properly trained or made aware of the dangers of opening malicious files and e-mail attachments. This trend highlights a need among organizations to improve web and email security and user security awareness. Beyond the basic e-mail attachment problem is the fact that the phishing e-mails that steal login credentials or use malicious links to download malware, have greatly improved their e-mail formatting and messaging making it more difficult to discern for the average user.
Who is a Target of Ransomware?
Every type of business today is a target. Since the purpose of Ransomware is to lockup/disrupt operations rather than steal information, businesses that are dependent on automation and Information Technology are obviously the most vulnerable. That likely covers about 85% of businesses today. The more an organization can be operationally disrupted by being locked out of their systems, the greater the target for Ransomware. This includes businesses that are often not thought of as traditional targets, because they are not as rich with personal data, credit cards, healthcare info, etc. Non-traditional targets include construction, manufacturing, legal services, state and local government, and professional services.
How do I Protect My Company from Ransomware?
Organizations are spending billions on cyber security, but the Threat Actors are still getting in. 53% of successful cyber-attacks infiltrate without being detected. How do you detect advanced threats (i.e. ransomware and DDos) early in the proliferation process?
The key problem in ransomware detection is that they almost never attack the same way twice. Ransomware attacks are dynamic and constantly changing, which makes it difficult for static, rules-based security tools to detect. The best way to detect ransomware is with a dynamic threat detection tool set that can fully process and find unknown threats.
Security On-Demand’s ThreatWatch® Advanced Detection & Analytics solution has a unique advantage of finding the dynamic threats in your data by using Big Data Analytics, Artificial Intelligence models to find threats, like ransomware, early before they exploit your system. Learn more about how Security On-Demand detects threats like ransomware here.
About Security On-Demand
Security On-Demand (SOD) provides 24×7 advanced cyber-threat detection services for mid-market companies and state or local government agencies. SOD’s patented, behavioral analytics technology platform, ThreatWatch® enables the detection of advanced threats that help protect brand value and reduce the risk of a data breach. Headquartered in San Diego, California with R&D offices in Warsaw Poland, SOD services and protects hundreds of brands globally and is the winner of multiple industry awards. Please visit us at www.securityondemand.com. Find us on LinkedIn and follow us on Twitter @SecurityOnDmand.