Ransomware and Cyberattacks: Get Your Business Out of the Crosshairs
By Sarah Peiper & Bill Moore
If you’ve been keeping up with the news lately, you may have noticed an alarming trend in cyberattacks. Malicious groups that used to target large corporations like Target, Experian, Blue Cross Blue Shield, Honda and others are now turning their focus to small businesses. In early July, hackers targeted hundreds of businesses around the world that had one thing in common: They were all connected to a remote management software tool called VSA. Requesting over $70 million in bitcoin in exchange for a decryption tool, hackers brought networks of over 1,000 businesses — restaurants, dentist offices, small accounting firms — to their knees.
And in case you’re not convinced it could happen to you, in late June, McDermott Top Shop, a fabricator in Wisconsin, was the target of such an attack. It crept in through their IT support network and crippled most of their operating systems. It was able to lock up their servers and get to all of their on-site backups. They couldn’t fabricate for a week. Eventually they were able to restore their systems using offsite backups, but it didn’t happen overnight and not without a lot of stress, lawyers and cyber insurance coverage.
We caught up with Bill Moore, an expert in information technology, for a look at what’s happening and how you can protect your business from ransomware and cyberattacks.
C&AS: What is ransomware and how does it affect systems?
Bill: Ransomware is a specific type of malware that encrypts the victim’s data or prevents access to IT infrastructure. Victims receive a decryption key after paying a ransom, which restores access to impacted data. Unfortunately, once a victim is infected with ransomware, it’s often impossible to restore access without a decryption key unless there is an error in the malware code. There were more than 65,000 successful ransomware attacks last year, and there is a new attack every eight minutes, making ransomware a real problem for companies of every size in every sector.
C&AS: What are the impacts of an attack?
Bill: While ransomware isn’t a new phenomenon — the first ransomware attack took place in 1989 — the cost and consequences of an attack have increased considerably, especially in the past several years. In 2018, the average ransom payment was just $7,000. The next year it reached $41,000. Today, companies can expect to pay at least $200,000 to restore critical systems, and, as a veteran ransom negotiator recently explained, “The numbers in 2020 were really bad, but, at the end of 2020, everyone looked around and said, 2021 is going to be even worse.”
To be sure, the FBI and many cybersecurity professionals discourage companies from paying a ransom, noting that it essentially serves as venture capital for threat actors, and it incentivizes continued bad behavior. However, rebuilding IT infrastructure from scratch can be even more expensive, putting victims in an impossible situation.
At the same time, ransomware attacks come with significant opportunity costs that add to the expense. For starters, one survey found that 25% of consumers will stop doing business with a company after a cyberattack. The long-term reputation damage and brand erosion are difficult to quantify, but as consumers become increasingly concerned with data security, it’s a meaningful metric.
And on a localized level, some companies are unable to work for days or weeks, diminishing productivity in ways that are impossible to recoup even after the systems are restored.
C&AS: Why would hackers target small businesses?
Bill: Most threat actors operate with a financial motivation, meaning they don’t discriminate between targeting major corporations, small businesses, or even nonprofits and aid organizations. Recently, Colonial Pipeline and JBS, prominent oil and meat suppliers, respectively, were impacted by costly ransomware attacks. However, nearly three-quarters of ransomware attacks impact small and medium-sized businesses or local utilities, schools and health care facilities. Small businesses often can’t commit the same level of financial resources as their corporate counterparts, creating potential vulnerabilities that threat actors are ready to exploit. These organizations are also less likely to invest in nontechnical measures, like employee awareness training, that can mitigate the risk of an effective ransomware attack.
C&AS: What are some outdated practices that businesses are using that put them at risk?
Bill: Perhaps the most outdated practice is perspective. Many small businesses assume that they are too small to be the victim of a ransomware attack, which leads them to be apathetic about their defense strategies. More practically, some companies still install antivirus software and assume that they’ve secured their company against cyber threats. This “install it and leave it” approach will not keep a company secure.
C&AS: What are some solutions that you should have in place to protect your digital investment and your business?
Bill: Today’s companies face an expansive threat landscape that’s even more complicated by remote workers and hybrid teams. In response, all businesses have several effective strategies to guard against a ransomware attack. A zero-trust framework operates under the assumption that organizations should not trust anything inside or outside their on-site security perimeter. Zero-trust prioritizes authentication and granular system authorization, ensuring that the right people are accessing company applications at the right time and in the right way. Adopting this framework puts businesses on a firm defensive foundation, but there are other steps they can and should take.
Notably, phishing scams increased considerably during the pandemic, and these malicious messages are a prominent entry point for ransomware attacks. While spam filters and cybersecurity software can help detect phishing scams, businesses need to train their employees to identify and respond to these messages effectively, as some phishing scams will undoubtedly make their way into employees’ inboxes.
In addition, several low-tech best practices can minimize the risk of a ransomware attack. Good digital hygiene is the right place to start. Ensure that software updates are installed as soon as possible. Outdated software can contain coding errors or vulnerabilities that threat actors are ready to exploit. In addition, enabling two-factor authentication not only keeps account credentials secure, but it also may be the single best measure to significantly reduce the risk of a data breach.
Taken together, businesses can develop layers of protection against a ransomware attack, decreasing the likelihood of a costly cybersecurity incident.
C&AS: It sounds like this is an ongoing development. How do businesses mitigate risk and stay ahead of it?
Bill: Cybersecurity in general and ransomware in particular are gaining a lot of attention right now. This is a good thing, and it will hopefully encourage more companies to take meaningful steps to secure their digital environment. However, businesses need to be mindful that an effective cybersecurity strategy isn’t a one-time decision. It’s an ongoing priority that requires ongoing investment and vigilance to stay ahead of continually evolving threat trends.
Cybersecurity can be a complicated and discouraging topic, and it often feels irrelevant until it’s too late. Businesses should know that they have the power to significantly enhance their defensive posture without making unfathomable financial investments.
Cybersecurity and ransomware defense isn’t something that any company should leave up to chance, but it’s also not a problem too big to solve. Follow the steps above to begin the process, and seek support from trusted third parties when needed.
About the Author
Bill Moore is the CEO and founder of XONA, providers of a unique “zero trust” user access platform especially tailored for remote Operational Technology (OT) sites. Bill is currently working with global power generation and distribution customers to reduce their remote operations costs and cyber risks. Bill brings more than 20 years’ experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.