Cyber crime continues to plague global industries, and ‘ransomware’ is proving to be an ever-growing criminal threat. Both large and small businesses are targets, and attacks cause unexpected productivity disruptions as well as millions of dollars of losses. Maintaining a sound and reliable backup – preferably in the cloud – is both your best defense and your best recovery tool.
Ransomware Attacks on the Rise
Ransomware prevents your organization from accessing some or all of your digital resources until you pay a ransom, and it seems no business or entity is immune to this crime.
- Last year, about 70% of ransomware attacks targeted small businesses, with the ransom demand averaging $116,000 (although some demands were in the millions of dollars).
- Small businesses aren’t alone with the threat, however. In May of this year, the the “Robbin Hood” malware struck the City of Baltimore, disabling almost all of its online and computer functions. It took more than two months for employees to recover their email files, and they were forced to provide services manually while IT was restoring the system.
- Pitney Bowes, the multi-billion-dollar ecommerce giant, was hit just this month (October 2019), with attackers targeting its core mailing and shipping services. The company is still working on restoring its programming, but the losses caused by the disruption in services will be significant.
In the Pitney Bowes case, it doesn’t appear that sensitive information was exposed, but that may be simply because of sheer luck. Ransomware perpetrators often focus on organizations that retain sensitive information, such as customer names, accounts, and finance records. In the ten months of 2019, more than 140 ransomware attacks in the U.S. targeted two specific victim-types, governments and healthcare providers. The thieves were looking for ‘personally identifiable information’ (PII) that fetches high prices on black markets. In Texas, a coordinated attack affected 22 state agencies all on the same day, locking their IT systems to prevent access to files and programs. And the healthcare industry reports over 700 cyber incidents in 2018 alone, 85% of which were ransomware attacks.
No entity is safe, apparently, from this menace.
Who’s Vulnerable – and Why
The challenge posed by ransomware is its ease of access to your machines and servers. Email systems are a favorite ransomware format, and ‘phishing’ is a common method of gaining access to corporate servers. ‘Phishing’ involves luring a worker to click on an attractive but infected email, which, when opened, unleashes the malware into that machine and its connected servers and networks.
The infected email can wear many masks, too, making it easy for users to disregard it as a threat:
- It often resembles a note from a trusted source, so workers will confidently click on it.
- ‘Malspam,’ unsolicited spam email carrying the malware, can introduce booby-trapped attachments or contain links to infected websites.
- ‘Malvertising’ emails look like attractive offers for something users might want. Clicking on them, however, opens access to their machines by criminal servers that scan for vulnerabilities, then demand ransoms for the data contained in those now-infected files.
So what makes a company susceptible to ransomware? In most cases, it is simple user error. Email is ubiquitous, so anyone who uses it is vulnerable to a ransomware attack. Ergo, for many companies, their defenses are only as good as their employee training on email management.
However, other circumstances also increase the risk of being a target:
Your business is in a susceptible industry
As noted above, any industry that handles sensitive PII is a target for malware. If your business involves obtaining and retaining confidential consumer information, it’s also more likely to be targeted over companies that don’t hold that information.
Your systems aren’t current
Many companies don’t spend money on critical programming updates, only to find their aging software can’t protect them from viruses those programs were not designed to recognize.
Your organization regularly uses mobile devices
Those disparate endpoints are often not protected from malware nor connected to the security protections provided by your enterprise, especially in this day of “Bring Your Own Device” to work. Again, if your workers use their personal devices for corporate activities, then your data security is only as safe as your most lax employee.
Poor employee training
Some companies provide no security training for their workers, so they are exceptionally vulnerable to successful ransomware or other cyber crime attacks. Those that do provide training may not emphasize the concerns posed by malware, or provide appropriate precautions for their workers to use when accessing potentially vulnerable systems.
Poor policy enforcement
Even companies with excellent worker training, however, remain vulnerable if they don’t enforce the policies that underscore that training. In this case, the corporate culture may be the most attractive element to the criminal if it fails to follow through with enforcing its rules about data management. In many cases, hackers simply follow an employee into sensitive data stores through the workers’ insufficient ‘access’ protocols.
Recovering from a Ransomware Attack
Obviously, taking the time to correct any insufficient in-house practices can go a long way to preventing being the victim of a ransomware attack. Be sure to analyze how your organization manages its data, and implement protocols to emphasize industry best practices in data security behaviors and activities.
However, it is also essential that you take appropriate actions so you can recover from an attack and your organization remains on the job even after an attack has occurred. For many experts, the best and fastest way to recover is by having a fully functional backup resource to turn to, and for many companies, that resource is the cloud.
The Cloud Offers Solutions to Malware Threats
Cloud computing offers a myriad of opportunities; acting as the backup resource for cyber crime victims is only one.
Cloud-based experience and knowledge
Cloud services providers are in the business of keeping your business safe, so they are up to date on current ransomware and other security threats. It is also their business to remain educated as threats emerge or subside, so their security programming is (almost) always more current, comprehensive and more affordable than anything you can generate in-house.
Cloud designed specifically for malware threats
Cloud programming evolves as threats evolve. The best cloud providers use software that automatically scans for emerging malware and shuts it down or removes it before it causes damage. Further, because the cloud is remote from its client, many threats are eliminated before the customer even knows they were in danger.
Cloud eases rollbacks
Cloud backups offer versioning capabilities, so your files can be rolled back to the most current, pre-attack standard. Optimally, your backup schedules keep your backup files current or almost current with your primary servers, so rolling to the backup system won’t cause delays in your productivity. Staying in business while managing the attack eliminates much of the stress that may interfere with the clarity of your thinking at that incredibly stressful time.
Cloud provides built-in precautions
Not significantly, because the cloud is not connected to your network, it won’t be affected by malware introduced onto your systems. Consequently, while the attack may slow down your business activities, it won’t also pose a threat to your customers’ confidential data.
Retaining the Value of On-Prem Resources
Many companies are concerned that embracing the cloud will reduce the value they’ve already invested in their on-prem servers. For data and system security issues, the cloud offers the best opportunity for optimal safety and recovery, making it the optimal choice for this purpose. However, that doesn’t mean that on-prem resources lose their value. Depending on the data and systems requiring backup, on-prem servers are accessible in a hybrid solution that retains them for immediate availability while using the cloud service for backup storage functions.
The Cloud Enhances Business Opportunities, Too
Most companies experience significant gains in business productivity because of their cloud investments, even as they achieve enhanced data security levels with safer backups. In fact, the cloud backup opportunity offers protections against other concerns, not just cyber crimes.
Today’s weather is posing challenges all across the country, and most companies aren’t prepared when their physical location floods, burns, or is blown apart by gale-force winds. The cloud backup opportunity provides a second rendition of their corporate programming; in inclement weather, they may lose their building, but they won’t lose their business.
Competing cloud customers eroding service levels
Some companies fear they will lose their cloud access to other cloud customers during peak demand times, so they stick with their on-prem servers. Many cloud services providers offer dedicated servers specifically for individual clients so that all that processing capacity is available when needed. Providers configure these dedicated servers to facilitate every digital tool necessary, including email, domain names, and FTP (file transfer protocol) services. There’s often a control panel included, too, that facilitates easy management of applications and functions.
Cloud backup solutions provide optimal resources for companies that must retain data for compliance purposes, too. Compliance requires adhering to industry standards and also being able to prove that adherence, usually with the help of older records. Retaining those records in a cloud backup configuration assures that they’ll be available, accurate, and accessible when needed.
Cloud backups also help to reduce corporate costs, especially for companies invested in growth. New locations can easily access the cloud-based files for scaling purposes, so they can launch using current standards on day one. And cloud servers themselves, dedicated or otherwise, are usually better able than on-prem resources to expand to encompass the growing volumes of data produced by multiple corporate branches.
Cloud as a Solution to Ransomware and Other Challenges
No business is immune from cyber crime threats, but the cloud backup solution ensures every company can remain in business if attacked. Further, cloud backups provide solutions for many other enterprise-level challenges, offering flexibility and efficiency at a reasonable cost, regardless of the size of the organization. If your company might benefit from accessing a cloud backup for security or other reason, call the experts at NetDepot to find the services you need.