Are you a cyber target?
We’re now well into the pandemic and we have seen seismic changes in society, uprooting ideas we once held as principle - avoiding social contact, hybrid/remote working and consumption moving online. To adapt to this new world, businesses have been accelerating their digital transformation, moving their infrastructure to the cloud, and outsourcing services.
However, with this move to a digital landscape, the risk and impact of cyber attacks are only evolving and expanding in scope.
There are many reasons why individuals and organisations mistakenly believe their risk is low, and that this couldn’t possibly happen to them:
- “Cyber attacks only target large enterprises”
- “We don’t hold anything of value”
- “We have an antivirus”
- “Cyber threats are external”
- “We don’t have any IT”
- “Cloud providers take care of all our security”
To help you better understand the risks, we’ve compiled this list of common myths and misconceptions about cyber attacks, and will explain why it’s best not to fall for them!
“Cyber attacks only target large enterprises”
We’ve all seen the gamut of headlines where large enterprises have been targeted by cyber attacks, had their data breached or been held for ransom. As a result, there is a common misconception amongst some organisations that they’re too small to be a cyber target. This myth is fuelled by the natural focus of news stories being on large scale attacks on multinational corporations known to the public e.g. Bombardier, Apple, and Accellion.
While these eye-catching cyber attacks reverberate globally, they obfuscate the risks to the soft underbelly of the internet: small and medium-sized enterprises (SMEs). Little known is the fact that most cyber attacks aren’t targeted at specific companies – instead, 54% of cyber attacks are from automated tools casting a wide net across the public internet to find vulnerable hosts and ports.
- 43% of all cybercrime occurs against small businesses and around half of all global cyber-attacks are reportedly against organisations with fewer than 250 employees.
- Four in ten UK businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months.
These statistics pour cold water on the notion that cyber criminals only target large enterprises, or that criminals will deliberately ignore smaller or non-profit-making organisations. In fact, the risks for SMEs are likely higher as there are no dedicated cyber security teams/departments at hand as there are in much larger organisations.
While all organisations, irrespective of size or industry, are at risk from cyber threats, this doesn't mean they’re an inevitability. There are measures which can be taken to prevent and mitigate such risks. The first step to a more secure digital future is to admit that you might be at risk, and then to take action to remedy it.
“We don’t hold anything of value”
Some businesses may be inclined to feel that their data is not valuable, or that it is simply not worthwhile to a potential attacker.
However, almost all organisations will hold some client/customer data, internal records and communications, sensitive employee details, financial records, and operational systems. These are all simple data items which a business requires to be functional, and without which it could not operate. If you imagine a scenario where this data isn’t available, would you be able to continue business as usual?
The chart above illustrates the digital footprint of organisations and their reliance on technology for basic functions. A successful cyber attack would likely render these unusable, or alternatively compromised - meaning that they could be used for fraud or other malicious purposes.
In the current environment it is common for cyber attackers to deploy ransomware to vulnerable systems, spread throughout the network and encrypt all data on infected machines, which can then be held for ransom. Where operational systems have been compromised, this would mean downtime.
The risks of a cyber attack cannot be overstated, as the costs are significant - not only encompassing the direct financial loss but also regulatory fines (e.g. GDPR), trust and reputation loss, and the lost business and operational impact from downtime.
Data is valuable, whether it’s personal or for business operations, and should be protected as such. We’re not saying you need to become Fort Knox to protect data; there are sensible proactive measures which can be taken to effectively mitigate risks:
- Secure your email platform, using multi-factor authentication, and basic external email security.
- Secure your network and all your organisation’s devices, using endpoint protection, properly configured firewalls, segregating sensitive data, and encrypting all data where possible.
- Back up core configurations, systems & data, keeping backups separate from your network, ideally encrypted and protecting access with multi-factor authentication.
“We have an antivirus”
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Symantec, which invented commercial software to protect computers from hackers, declares antivirus as 'dead.' <a href="http://t.co/H5lA3BmJO4">http://t.co/H5lA3BmJO4</a></p>— The Wall Street Journal (@WSJ) <a href="https://twitter.com/WSJ/status...">May 11, 2014</a></blockquote>