Even before the rise in remote working, ransomware was a significant cyber-hazard. However, the problem continues to get worse, with ransomware attacks proliferating both in number and severity. Indeed, we are aware of a growth spike in this particularly nasty type of attack amongst SMEs locally.
At Blue Rock we continue to promote advice that businesses should maintain or strengthen their cyber security policies as an ongoing priority to best protect their sensitive data.
Like other forms of cyber-crime, ransomware poses a more dangerous threat to businesses that aren’t sufficiently equipped with the awareness, know-how and tools to defend themselves. That is why in today’s blog we are happy to tell you more about ransomware and give some advice on how your business can avoid its harmful effects.
So, what is ransomware?
Ransomware involves users being tricked into installing malicious software which restricts access to a computer system and/or files until a ransom is paid. Ransomware works in one of two ways: ‘crypto’ ransomware encrypts a user’s files/data, whilst ‘locker’ ransomware locks a user out of their system entirely.
Ransomware attacks you may have heard about include WannaCry, RobbinHood, Ryuk, Bad Rabbit and CryptoLocker, which have infected hundreds of thousands of computers and caused vast amounts of damage.
Over time, cyber-crooks have adopted more advanced techniques whilst learning from past mistakes. For instance, as businesses have reacted by diligently backing up their data – therefore negating the need to pay ransom amounts to regain access to it – hackers have responded by threatening to leak the private data they have captured (from secret recipes to financial records) if businesses don’t pay up.
What ways can a business fall victim to ransomware?
There are many different ways businesses can fall victim to ransomware, and not all of the methods involve a user clicking on a malicious link or attachment. For example, “brute force” attacks involve hackers exploiting password weaknesses to hack into systems and seize control of data files, whereas “drive-by” downloads involve the malware being installed simply by a user visiting a compromised website.
Phishing and spear-phishing e-mails can be very effective at enticing users to click where they shouldn’t, whilst there is the ever-present danger of ransomware being installed via infected USB sticks and other portable media.
What are the effects of a ransomware attack?
Whilst the severity of individual attacks can vary in terms of the ransom amounts being demanded, there are other detrimental effects to consider. Certainly, ransomware attacks cause significant disruption and downtime. Theft of personal data puts customers and staff at increased risk of cyber-crime and the negative PR associated with a data loss can destroy a carefully built reputation. In a leakware scenario, the damage can extend to the theft and the subsequent sale or publication of a company’s Intellectual Property, which can be catastrophic.
So, how do I best avoid the dangers of ransomware?
Depending on your circumstances, the best approach for your business is likely to be multi-faceted. This could include implementing correct data governance procedures and introducing IT security solutions which monitor your systems for suspicious activity, as well as education and training to empower your employees with essential knowledge. There are various strands to each area, as you can see in the infographic below.
What about cyber insurance?
Cyber insurance is a relatively new type of insurance which is intended to protect businesses from internet-based risks and financial losses caused by data theft, fraud, hacking, extortion and other criminal activity. Premiums can be steep and will depend on the amount of cover you need.
Like other forms of insurance, the underwriters will assess how big a risk it is to provide you with cover. That means businesses without good information governance protocols in place may find it difficult to obtain this type of insurance. On the other hand, businesses with robust cyber-defence measures in place will attract lower premiums.
How can Blue Rock help?
At Blue Rock, we can help you implement information governance protocols in your business, so that you can stay in control of your data, keep it best protected and remain compliant with data protection regulations.
We actively work with you so that there is consistent and proper handling of data across your organisation. This is achieved by setting up data protection processes, empowering people with knowledge and using technology to help make adherence to processes easier.
A good place to start is to undergo an audit with Blue Rock. We can perform an assessment of your entire cyber security stance and uncover hidden risks, highlight gaps and discover weaknesses. This is followed by recommendations and methods to improve your cyber defence position.
These could involve activities such as cyber awareness training for your employees, using ethical ‘white hat’ hacking techniques to uncover password weaknesses and ongoing spot checking to ensure continued compliance across your business.
Ultimately, our priority is to find out where your threats lie, fix these and help you defend yourself in the future. We can offer an initial cyber audit to identify any weak spots before implementing proven solutions to keep you protected.
To discuss your cyber audit, please contact us at info@bluerockcd.co.uk or call us on 01698 688015.