Given today’s evolving nature of work, conventional security tools aren’t keeping pace with what we need to protect against. And the cost of breaches and regulations are increasing.
These challenges are not all related to a remote workforce. Some issues stem from constraints in the supply chain and shifting customer expectations, putting pressure on traditional technological infrastructure deployments.
Organizations have been forced to rethink their systems. With remote working on the rise, companies have to manage security for corporate headquarters and data centers, as well as third-party applications, clouds or remote networks. Although the cost of creating and managing all of these cloud-based solutions to accommodate a shifting workplace can be expensive, the cost of a ransomware attack (and the downtime associated with it) is far more costly.
What is ransomware?
Ransomware refers to malicious software that, when deployed, can prevent someone from using their own computer. To restore access to the system, the person or organization must pay cybercriminals or hackers.
There are three stages of a cyberattack:
- An attack typically starts with the attacker obtaining credentials through remote access to a network or through email phishing.
- The attacker gains administrative access to the organization and begins searching for sensitive data, such as intellectual property or employee and customer data.
- The cybercriminal applies encryption to the data so that its owner can’t access it and demands ransom.
Who is being targeted with ransomware attacks?
Over the past several years, threats have continued to escalate in both volume and sophistication. Hackers are opportunistic and tailor their methods to capitalize on current events, such as attacking the healthcare industry during the start of the COVID-19 pandemic. More recently, we’ve seen attacks on supply chain service providers and critical industrial sectors, like oil and gas, finance and food and beverage.
Colonial Pipeline paid $5 million in a ransomware attack. Another attack in July 2021 targeted small and mid-sized businesses, asking for $70 million in payment. A report from Sophos found that the average bill for a company recovering from a ransomware attack – including downtime, employees, hours, device costs, network costs and lost opportunities – was $1.85 million in 2021. It’s estimated that this price tag will increase 30% every year over the next 10 years.
Ransomware-induced downtime is often more costly than the ransomware demand itself.
When does a cybercriminal like to attack?
Although attacks seem to spike during holidays, when organizations are under-staffed and people aren’t on their guard, there are particular scenarios that hackers take advantage of:
- Staff reduction
Ransomware can take time to propagate throughout a network, so the longer it takes for anyone to notice, the more damage they can do.
- Online shopping
When an employee makes an online purchases at work, they may be targeted by a malicious ad. If they click on it, the virus could infect the entire network.
- Risky log ins
Employees working remotely from multiple locations can compromise security if they log in through risky Wi-Fi hotspots or by using devices that aren’t secure.
- Email overload
When we open an inbox that’s bursting with emails, it’s easy to go on autopilot. It’s not hard to see how even a trained employee can let their guard down when filtering through a long list of emails and clicking on something they shouldn’t.
- Use of personal emails
Company emails are more likely to block suspicious links and attachments, whereas personal emails aren’t usually filtered for malicious content.
- Password similarities
By having the same password (or a similar one) for many personal accounts, it can provide hackers with easy access to your information.
It’s important to understand that isn’t a matter of if your company will be attacked, but a matter of when. The biggest threat to the security of your business is to ignore the possibility and not act.
Understand that hiring more staff for this issue may be impractical. AI and automation can only go so far to resolve incidents. It’s necessary to build a relationship with a trusted Microsoft partner such as Columbus Global. We can fill the resource gap, hunt for and prevent against high-risk threats, and teach you the best strategies for building a robust cybersecurity front. Cybercrime can be stopped.
It's also useful to understand the four pillars that make up the foundation of good information security:
- Identity and access management
Most breaches begin with compromising identity. The first level of defense should be a robust authentication and authorization layer. This will provide the basis for frontline security by adhering to conditional access, zero trust rules and endpoint protection.
- Threat protection
Having the capability to detect and prevent attacks across email, endpoint and third-party SaaS applications is critical to identify and respond to intruders.
- Information protection
A modern security platform is designed to safeguard all your data across your entire enterprise.
- Cloud security
This pillar ensures a strong security posture that can stand up against threats from anywhere. We must protect our sensitive data and manage insider risk with intelligence. Strengthen cross-cloud security posture, protect your workloads and develop secure applications.
- Make an offline backup of your data.
- Don’t click on suspicious links.
- If you use RDP, secure and monitor it.
- Update your OS and software.
- Use strong passwords.
- Implement multi-factor authentication.
What is Microsoft doing to protect against cybercrimes?
Microsoft mines telemetry and applies AI and machine learning to the data. Through this, they can understand the threat. Because they have access to so much data, they have unparalleled insight. Microsoft receives eight trillion signals a day through their enterprise and consumer services. They scan over 1 billion devices each month and analyze 470 million emails.
As a Microsoft Gold Partner, Columbus is able to offer industry-specific solutions and support powered by Microsoft technology and backed by the robust cybersecurity team at Microsoft.