A major challenge for most companies at the start of the pandemic was adapting to home working and online meetings. Unfortunately, the change in business behaviour paved the way for an increase in ransomware attacks that exploited weaknesses in the shift from physical to digital working. Now, two years later, ransomware attacks continue to be a growing and serious security risk for businesses around the world.
A new ransomware epoch
Advanced ransomware attacks can take seconds from start to finish, and they can compromise companies' data, systems or infrastructure. As a result, financial loss is no longer necessarily the biggest concern for affected businesses.
For many companies, the shift from physical to digital work has led to an increase in the use of IT and OT systems, which has given hackers many new targets. As well as exposing new types of data or technologies for hackers to target, companies also faced the initial challenge that many employees were unfamiliar with the new systems and therefore posed a huge security risk, which hackers quickly began to exploit.
Chainalysis Inc., a company that, among other things, monitors blockchain transactions internationally, states in a 2022 report that hackers earned more than $1.3 billion through ransomware attacks from 2020 to 2021.
5 ways you can protect your business
Turn your employees into cyber bodyguards
Most ransomware attacks are initiated with a phishing email, and it only takes one unwary employee clicking a link or downloading a file for your business to be hit by a serious attack. It is therefore essential for all businesses to raise employee awareness of cyber threats and cyber security. One of companies' strongest cyber defences is attentive employees. And this applies to both those employees who work in the workplace itself and those who work remotely.
By creating a culture around cybersecurity among employees, you ensure that everyone is naturally aware of potential cyber threats, thereby reducing the risk of an employee falling for a phishing email. The best way to create the culture is through systematic awareness training. Human error in security breaches is caused by a lack of knowledge about cyber attacks and how they are carried out, a lack of knowledge about handling data and a lack of understanding of the consequences of one's own unconscious actions. Through awareness training, you can increase your employees' knowledge of cyber security and change their habits so that they are constantly aware of maintaining a strong security culture.
Here at Moxso, we offer both continuous phishing simulations, adapted to your employees' level, and awareness training through micro-learning. Our awareness training consists of relevant and easy-to-understand content and exercises that teach your employees cybersecurity and make them experts in identifying phishing emails. Our awareness training is easy, fun and effective - and you as a company don't have to take on any administrative tasks related to the training.
Have a contingency plan - and test it!
It's important for all businesses to have a contingency plan in place that outlines step-by-step what to do in the event of a security breach. The contingency plan ensures a thorough, consistent and effective approach to averting a ransomware attack and returning to normal operations as quickly as possible. Equally important, the plan needs to be tested so that everyone involved knows with certainty what to do and what to communicate to other stakeholders. At the same time, the software that is part of the contingency plan needs to be regularly tested and updated.
Before drawing up the contingency plan, it is a good idea to draw up a roadmap of potential hacker contact points with the company and where the biggest cyber security vulnerabilities are.
Make sure you take backups
It is important that the data in your business is regularly backed up and stored on an offline network or external hard drive. That way, you don't risk losing the data if a computer becomes infected with ransomware and it's not possible to decrypt it. It also pays to encrypt data so that it is better protected against cyber attacks.
Use security software
Using antivirus software and content filters on your company's email servers is a simple but good way to prevent phishing emails from finding their way into employees' email inboxes. In addition, it is possible to install internet security solutions that can block malware that could potentially infect employees' computer systems. Also, remember to update your protection programs regularly to make sure that the programs contain the latest security patches.
Expand your cyber security network
In addition to mobilising as many internal staff and stakeholders as possible in your preparedness plan and overall cyber security, you can also benefit from including external stakeholders and crime prevention entities when protecting your business from cyber attacks. By collaborating across companies and organizations, you can collect larger amounts of data, share that data, and create better cyber defenses. A joint effort can also increase the chance of recovering lost data. By communicating with crime prevention units, you can help them in their efforts to track down and dismantle organised cyber criminals and their networks.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.