One click away from business ruin

One click is all it takes to bring your business down and make you yet another unfortunate cyber victim.

Can your business afford to lose $10,000? Can you afford to lose your business altogether? According to Small Business Trends, 43% of all cyber attacks are targeted at small businesses, and 60% of those businesses won’t recover from a cyber incident. Unfortunately for many businesses, it’s a financial hit they are unable to survive.

If you thought that you are not a target, think again. Being online means you are a target and handling cyber attacks is part of being digitally online.

In the Trend Micro 2016 Security Roundup Report, it was stated that Ransomware has seen a 752% increase in use, resulting in $1 billion in losses for enterprises worldwide.

So, what is ransomware? Ransomware is a type of software that restricts access to a victim’s computer, data or files and demands a ransom to be paid to the perpetrator in order for the files to be unlocked. Unlike other online scams, what makes ransomware so dangerous is how it targets recipients with personal information such as full name, location, workplace and job description, to mislead unsuspecting internet users.

Why is ransomware so successful? The best way I can answer that is by the following proverb: “That’s where the money is”.

Many years ago, banks were broken into because that’s where the money was. But today, it’s so much easier. Why try and physically break into a bank with a high potential of being caught, when they can socially engineer you to accept malicious content from their own private and comfortable home, while being anonymous and reaching thousands of other people like yourself.

You see, every business has some value. By encrypting your data and holding you to ransom, there is a possibility that you will pay.

Today, the single greatest motivator for cyberattacks is arguably money. It comes as no surprise that cybercrime is estimated to become a $2.1 trillion problem by 2019, and there’s no shortage of attackers who want a share of the pie.

Often, I get asked this question: “Should I pay or not pay?” Many companies and victims are willing to pay to recover encrypted data, as the risk of losing important data and information could be catastrophic. However, the ethical problem with this is that, by doing so, you are funding the activities of cyber criminals.

But what if I said that once you paid for the ransom, that you would most likely be ransomed again? They now know that you are a paying client. What if I also said that your business data was also stolen to the benefit of the cyber criminals? Would you then decide to pay? Most likely not.

Having said that, no matter what size company you are or the type of business you are in, there’s probably something you’re doing that somebody wants to steal. Period!

Regardless of the size of your organisation, being cautious about ransomware is important but you shouldn’t neglect to address wider security problems on your network and take a more holistic approach when it comes to responding to cyber security threats.

Ransomware is not the only threat out there, but it did account for 66% of all threats according to the Malwarebytes State of Malware Report 2017.

What can you do about it?

Like any business with limited funds, no expertise, no time, and no resources, you probably trust your complete security protection on antivirus and firewall solutions. Yes, that’s a good thing, but unfortunately not enough in today’s dynamic threats.

Every year, thousands of attacks are successfully perpetrated against organisations of all sizes. Yet many of the victims had endpoint protection solutions in place. In fact, the adoption of antivirus is virtually universal, so why are so many attacks succeeding? Simply put, antivirus software are ill equipped in dealing with the latest dynamic threats.

When a threat is known, antivirus can stop it. But cybercriminals move quickly. New and craftier threats are developed daily. It takes days and weeks for traditional vendors to push out updates to customers, leaving them vulnerable to threats that are still unknown.

Cyber criminals have a large window of opportunity when your system is left wide open to be compromised.

Businesses need to become more proactive in defending themselves. Here are four easy tips.

Tip 1: Don’t click on links that you have not requested. If you think it is legitimate, open using your iPad or iPhone rather than your Windows machine.

Tip 2: Don’t open attachments that you have not requested. If you think it is legitimate, open using your iPad or iPhone rather than your Windows machine.

Tip 3: Make sure that your operating system and applications (including antivirus) have the latest updates.

Tip 4: Backup daily. If you can, backup on a different media (eg tape). Ransomware have been known to target cloud backup. So by backing up on different media, it provides you with another level of protection.

Remember, doing the same thing and expecting different results is what I call ignorance. And this is a dangerous option.

“We are in the fights of our digital lives and we are not winning… we are facing the 21st century threats, with 20th century technology and with a 19th century bureaucracy”. (Michael McCaul, House Homeland Security Committee Chair – 14th of February, RSA Conference, 2017)