Posted on October 25, 2019
Knowledgebase
Cyber crime continues to plague global industries, and ‘ransomware’ is proving to be an ever-growing criminal threat. Both large and small businesses are targets, and attacks cause unexpected productivity disruptions as well as millions of dollars of losses. Maintaining a sound and reliable backup – preferably in the cloud – is both your best defense and your best recovery tool.
Ransomware prevents your organization from accessing some or all of your digital resources until you pay a ransom, and it seems no business or entity is immune to this crime.
In the Pitney Bowes case, it doesn’t appear that sensitive information was exposed, but that may be simply because of sheer luck. Ransomware perpetrators often focus on organizations that retain sensitive information, such as customer names, accounts, and finance records. In the ten months of 2019, more than 140 ransomware attacks in the U.S. targeted two specific victim-types, governments and healthcare providers. The thieves were looking for ‘personally identifiable information’ (PII) that fetches high prices on black markets. In Texas, a coordinated attack affected 22 state agencies all on the same day, locking their IT systems to prevent access to files and programs. And the healthcare industry reports over 700 cyber incidents in 2018 alone, 85% of which were ransomware attacks.
No entity is safe, apparently, from this menace.
The challenge posed by ransomware is its ease of access to your machines and servers. Email systems are a favorite ransomware format, and ‘phishing’ is a common method of gaining access to corporate servers. ‘Phishing’ involves luring a worker to click on an attractive but infected email, which, when opened, unleashes the malware into that machine and its connected servers and networks.
The infected email can wear many masks, too, making it easy for users to disregard it as a threat:
So what makes a company susceptible to ransomware? In most cases, it is simple user error. Email is ubiquitous, so anyone who uses it is vulnerable to a ransomware attack. Ergo, for many companies, their defenses are only as good as their employee training on email management.
However, other circumstances also increase the risk of being a target:
As noted above, any industry that handles sensitive PII is a target for malware. If your business involves obtaining and retaining confidential consumer information, it’s also more likely to be targeted over companies that don’t hold that information.
Many companies don’t spend money on critical programming updates, only to find their aging software can’t protect them from viruses those programs were not designed to recognize.
Those disparate endpoints are often not protected from malware nor connected to the security protections provided by your enterprise, especially in this day of “Bring Your Own Device” to work. Again, if your workers use their personal devices for corporate activities, then your data security is only as safe as your most lax employee.
Some companies provide no security training for their workers, so they are exceptionally vulnerable to successful ransomware or other cyber crime attacks. Those that do provide training may not emphasize the concerns posed by malware, or provide appropriate precautions for their workers to use when accessing potentially vulnerable systems.
Even companies with excellent worker training, however, remain vulnerable if they don’t enforce the policies that underscore that training. In this case, the corporate culture may be the most attractive element to the criminal if it fails to follow through with enforcing its rules about data management. In many cases, hackers simply follow an employee into sensitive data stores through the workers’ insufficient ‘access’ protocols.
Obviously, taking the time to correct any insufficient in-house practices can go a long way to preventing being the victim of a ransomware attack. Be sure to analyze how your organization manages its data, and implement protocols to emphasize industry best practices in data security behaviors and activities.
However, it is also essential that you take appropriate actions so you can recover from an attack and your organization remains on the job even after an attack has occurred. For many experts, the best and fastest way to recover is by having a fully functional backup resource to turn to, and for many companies, that resource is the cloud.
Cloud computing offers a myriad of opportunities; acting as the backup resource for cyber crime victims is only one.
Cloud services providers are in the business of keeping your business safe, so they are up to date on current ransomware and other security threats. It is also their business to remain educated as threats emerge or subside, so their security programming is (almost) always more current, comprehensive and more affordable than anything you can generate in-house.
Cloud programming evolves as threats evolve. The best cloud providers use software that automatically scans for emerging malware and shuts it down or removes it before it causes damage. Further, because the cloud is remote from its client, many threats are eliminated before the customer even knows they were in danger.
Cloud backups offer versioning capabilities, so your files can be rolled back to the most current, pre-attack standard. Optimally, your backup schedules keep your backup files current or almost current with your primary servers, so rolling to the backup system won’t cause delays in your productivity. Staying in business while managing the attack eliminates much of the stress that may interfere with the clarity of your thinking at that incredibly stressful time.
Not significantly, because the cloud is not connected to your network, it won’t be affected by malware introduced onto your systems. Consequently, while the attack may slow down your business activities, it won’t also pose a threat to your customers’ confidential data.
Many companies are concerned that embracing the cloud will reduce the value they’ve already invested in their on-prem servers. For data and system security issues, the cloud offers the best opportunity for optimal safety and recovery, making it the optimal choice for this purpose. However, that doesn’t mean that on-prem resources lose their value. Depending on the data and systems requiring backup, on-prem servers are accessible in a hybrid solution that retains them for immediate availability while using the cloud service for backup storage functions.
Most companies experience significant gains in business productivity because of their cloud investments, even as they achieve enhanced data security levels with safer backups. In fact, the cloud backup opportunity offers protections against other concerns, not just cyber crimes.
Today’s weather is posing challenges all across the country, and most companies aren’t prepared when their physical location floods, burns, or is blown apart by gale-force winds. The cloud backup opportunity provides a second rendition of their corporate programming; in inclement weather, they may lose their building, but they won’t lose their business.
Some companies fear they will lose their cloud access to other cloud customers during peak demand times, so they stick with their on-prem servers. Many cloud services providers offer dedicated servers specifically for individual clients so that all that processing capacity is available when needed. Providers configure these dedicated servers to facilitate every digital tool necessary, including email, domain names, and FTP (file transfer protocol) services. There’s often a control panel included, too, that facilitates easy management of applications and functions.
Cloud backup solutions provide optimal resources for companies that must retain data for compliance purposes, too. Compliance requires adhering to industry standards and also being able to prove that adherence, usually with the help of older records. Retaining those records in a cloud backup configuration assures that they’ll be available, accurate, and accessible when needed.
Cloud backups also help to reduce corporate costs, especially for companies invested in growth. New locations can easily access the cloud-based files for scaling purposes, so they can launch using current standards on day one. And cloud servers themselves, dedicated or otherwise, are usually better able than on-prem resources to expand to encompass the growing volumes of data produced by multiple corporate branches.
No business is immune from cyber crime threats, but the cloud backup solution ensures every company can remain in business if attacked. Further, cloud backups provide solutions for many other enterprise-level challenges, offering flexibility and efficiency at a reasonable cost, regardless of the size of the organization. If your company might benefit from accessing a cloud backup for security or other reason, call the experts at NETdepot to find the services you need.