Make those minutes count

Staying Safe: How to Prepare for Ransomware

RansomwareThe cybercrime game can be faddish at times, with cyber crooks all briefly piling on the “flavor of the month” attack before collectively moving on to the next big thing. One thing we can be certain of after the past year, however, is that ransomware has been added to the regular menu. It’s here to stay.

How Ransomware Works

It’s no wonder the dark underbelly of the internet is so taken with ransomware attacks. For keyboard-based ne’er-do-wells it really is the gift that keeps on giving.

A ransomware attack begins much like any other cyberattack. The bad guys get into the target system by the usual methods; most frequently via a phishing email or a spear-phishing email. This opening is used to plant the malware, and it is the nature of this malware package that sets ransomware apart.

The malware, once it gains access to the system, encrypts all the data it can find with an encryption key known only to the bad guys, who then demand lots and lots of money in exchange for getting the data back.

To Pay or Not to Pay?

A business that has been hit with a successful ransomware attack usually has only 2 options: say goodbye to the data, or pay the money.

No business can afford to lose all their data, so most companies end up paying the ransom, but this has unintended consequences. Now that the bad guys have access to the system, it’s trivial for them to get back in at a later date – some even go so far as to install a backdoor into the system so they can come and go as they please. Having walked away richer the first time, what’s to stop them from going back to the well a second or even third time? They know that the company is willing to pay, and so they make the company pay.

Thankfully, while the consequences of a ransomware attack can be more dire than other types of attack, they are no more difficult to prevent, or to deal with afterwards – given a certain amount of preparation.

Ransomware Defense

The first line of defense is prevention, and this involves solid email security that can detect and remove email-based threats before they reach the recipient. Another key part of prevention, or at least mitigation, is implementing a multi-layered security solution so that breaches can’t compromise the entire system. 

Finally, under preparation and aftermath, companies need to establish and follow a business continuity plan that incorporates real-time backups of all important data.

Real-time backups can allow companies to more or less ignore ransom demands. If infected with ransomware, they can simply roll back the clock to a point before the malware hit the system and continue on, as if nothing had happened, with minimal data or productivity loss.

Conclusion

According to the FBI, ransomware attacks in 2015 were responsible for ransom payments of just over $1.5 million. In 2016 that amount was almost a thousand times more – close to $1 billion. This huge increase is because of two factors: ransomware attacks are hard to stop, and the bad guys are almost impossible to catch.

If the numbers above are any indication, it will be almost impossible for most businesses to avoid a ransomware attack in 2017. Given an environment where ransomware attacks are an inevitability, being properly prepared is the only viable option.

Security Budgets Continue to Soar, But Is It Enough?

SecuritySecurity is now a vital concern for businesses across several industries. However, investments in privacy and defense should have been implemented years ago. With cyber crime now an international epidemic, why have so many companies waited so long to invest in cybersecurity measures? The following sheds some light on whether or not it’s too late to invest in cybersecurity.

Cybersecurity Is an Increasing Concern

Cybersecurity is a growing concern for many businesses, and the number of high-profile breaches continues to grow each year. In 2015, there were approximately 781 data breaches across the U.S. – the second highest year on record for security invasions. According to industry monitors, 40% of those breaches happened entirely in the business sector.

With this in mind, industry experts have predicted mass-scale investments in cybersecurity for 2017. Here are a few statistics based on Business Insidermagazine and other industry publications:

  • An estimated $655 billion will be invested in cybersecurity measures between 2015 and 2020.
  • Nearly $2.77 trillion in security investments was estimated for 2016 – far above the $75.4 billion in spending that took place in 2015.
  • These numbers suggest that businesses are just now catching on to the importance of cybersecurity.

Are Recent Security Investments Enough?

Are these recent security investments enough to combat the rising number of intrusions? According to Radware, companies that are only now investing in cybersecurity protocols are way behind. This is due to new threats that are evolving at rapid rates, so much so that even the latest security applications and programs are not able to contest new strains of malware, adware, and other viruses.

Companies cannot afford to sit around and wait for the next best cybersecurity solution. Industry experts recommend the following:

  • Never procrastinate when it comes to protecting enterprise hardware, software, applications, and general infrastructure.
  • Work with leading vendors to develop a sound and proactive security platform that can combat prior and new threats.
  • Strong security platforms are based on solid foundations; core policies and processes for data availability, integrity, access, and confidentiality must be in place.

 

The Rising Costs of Security

IBM recently estimated that the average cost of security breaches in 2016 was $4 million. This was up from $3.8 million in 2015 – and is slated to grow even more in 2017. With this in mind, businesses have to stop scrambling with last minute endeavors to protect corporate data. They simply need to agree on one comprehensive and cohesive security platform that will prevent massive revenue losses.

The longer businesses wait to implement cybersecurity initiatives, the more susceptible they will be to digital intrusions. It will also be harder for them incorporate security measures in the future, especially if infrastructure has already been jeopardized.

A Cloud Cost Assessment

shutterstock_156845033Many companies are turning to the cloud to gain access to scalable and flexible applications and services at a price they can afford. Cloud services offer companies several advantages they might not be able to purchase or implement on their own, including disaster recovery capabilities and the ability to increase or decrease usage or add and drop services based on their operational needs.

But while the advantages of transitioning to cloud-based services is enticing for a variety of reasons, it is wise to take a careful look beneath the surface to ensure the company’s needs and requirements will be met and that the true price point makes sense for the company’s budget.

Compliance Requirements

The first step in determining where a business wants to go is to figure out where it is starting from. When it comes to making a cloud transition, knowing a company’s current and future needs and requirements is crucial.

Early in the process, the company must understand what its compliance requirements are. In some vertical markets, data security regulations may require that certain data can’t be stored in the cloud. Understand from the outset if certain processes and data sets must be retained on private networks.

Personnel Requirements

A business should determine its IT personnel requirements and ensure the entire team is well versed, trained, and prepared for the transition process. Not being prepared with the right participation and knowledge could translate into higher costs.

Application Requirements

Finally, understand where current applications are in their life cycle. Certain legacy assets may not be supported by cloud-based solutions, and moving to the cloud while those applications are still needed could create a headache as well as additional costs. Transitioning to a cloud-based service is likely to be more cost efficient when it occurs at the natural end-of-life stage of applications, when upgraded products or services would have been necessary anyway.

Cost and Elastic Load Balancing

Once a company knows where it is and has figured out where it wants to go, it must then study the costs associated with getting from point A to point B. It can be difficult to compare costs among cloud providers as pricing models can vary widely.

Costs can be controlled to some extent by employing elastic load balancing, which involves shifting capacity between internal assets and cloud solutions. This can increase network efficiency and can lead to cost savings.

Cost and Usage

Monitoring usage is another key to getting the most out of a cloud solution. A predictable monthly fee does not necessarily mean resources are being used in a predictable and constant way. Train personnel to carefully monitor usage and remove unused space as soon as possible to ensure capacity isn’t wasted.

Making the Cloud Decision

The upfront and recurring costs associated with cloud-based services must be weighed against the competitive costs of not deploying cloud services. While one company may shy away from the cloud, its competitors may be turning cloud advantages into competitive advantages. Cost savings reaped from employing a cloud-based service can be passed on to consumers and help companies gain customers and market share.

But that doesn’t mean it’s wise to jump right into a cloud deployment. Understanding the company’s needs and requirements before heading down the cloud path will help ensure that the right cloud applications and services are being purchased at the right price.