Hackers haven’t overlooked your company’s reliance on technology to fuel the remote aspects of your business. Ransomware attacks, in particular, are growing. In fact, they’ve passed credit card theft as the top form of cybercrime. In the CyberEdge 2020 Cyberthreat Defense Report, most businesses (62%) were victimized by ransomware in the past year. TxDOT and the Texas Office of Court Administration were among them.
What is a ransomware attack?
Ransomware is a type of malware that denies access to a computer system or data until a payment is made. It usually spreads through phishing emails (those spam links that employees too often click on) or when a user unknowingly visits an infected website. Some attacks are quite sophisticated and use high-level programming languages like Java to target niche industries, as in the recent Tycoon ransomware attacks.
Not only is the number of ransomware attacks on businesses rising, but the payments are, too. In 2017, just 39% of organizations hit by ransomware paid to retrieve their encrypted data. That figure shot up to 58% in 2019. And the price tag on the payments can be devastating. Just this past month, the University of California San Francisco (UCSF) School of Medicine paid a $1.14 million ransom to unlock critical research data that had been encrypted in a ransomware attack.
In a surprising twist, many of the known ransomware groups have steered away from attacking medical facilities, usually a top target, during the coronavirus pandemic (even cybercriminals have ethics?) and have shifted to attacking more financial and manufacturing businesses.
Who’s to blame?
Data protection firm Veritas reports that when it comes to protecting consumer data from ransomware attacks, 79% of consumers expect companies to implement security software. Some 62% also expect organizations to have backup copies of their data.
And they’re not forgiving when it comes to placing the blame when an organization doesn’t follow through. About 40% of consumers hold CEOs personally responsible for ransomware breaches and think the CEO should be fined, resign, and be banned from running a company in the future, or even face a prison sentence for allowing it to happen.
So even if a business recovers from a ransomware attack, the C-suite may not. It’s food for thought.
Mitigate your risk
A heartbreaking component of ransomware attacks is how preventable they can be.
“An IT security risk assessment and/or IT security audit could help prevent security downfalls and shore up vulnerabilities for the organization and the C-suite by designing a holistic approach for people, process, and technology to make a defense strategy successful,” says Andrea Anderson, an HT Group Executive Advisor who consults on IT audits, information security management, and project management.
She recommends starting with a risk assessment, which identifies the key assets, the possible risk to these assets (e.g., destruction, modification, improper disclosure) and the controls in place to mitigate the risk.
“It is imperative to use a risk assessment to determine the controls to put into place,” Anderson adds. “Risk assessments are also closely related to the business impact analysis (BIA) and they provide necessary data to gauge impacts.”
A security audit then proves that the identified controls are in place and in alignment with the security program. A gap assessment can then further measure a security program against a known framework.
“Security vulnerabilities evolve rapidly, especially in today’s landscape,” says Sam Wood, The HT Group’s Director of Consulting Services. “You can gain both peace of mind and a smart game plan by working with experts through our HT Group Consulting Services to reduce your risk.”