Things have been seeming a little apocalyptic lately. Ransomware attacks over major pipelines, a pandemic…the stuff you only used to see in tv and movies. Unfortunately, the influx of ransomware attacks is not solely the plot lines from Hollywood. In fact, in 2020 alone, there were 304 million ransomware attacks worldwide (statista.com). 304 million people were victims of vicious malware that quite literally held their files/computers for ransom. Ransomware is a great reminder that cybersecurity is of the utmost importance for you and your company. These types of attacks are not going anywhere any time soon; in fact, they are going to get worse before they get better, especially with our ever evolving dependency on technology in our lives. This blog will explain exactly what ransomware is, how to protect yourself/your company against it, and what it means for society.
The best way to protect yourself from something, is to learn about it and what exactly it is. Knowledge is power! Ransomware is defined as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid”, according to cisa.gov. Ransomware is especially dangerous because of the fact that it can hold your software and information captive until those holding your files are paid off or shut down via gray hat hackers, or law enforcement (if either are even possible). Breaking it down further, malware is malicious software that enters your computer through a variety of ways – phishing and spam emails, corrupted drives that get plugged into your computer, unsecured sites, or hidden in other software upon download, to name a few. That’s why it’s important to be extremely vigilant with what you’re doing online because it has bad implications for you and your data otherwise.
The most important thing to protect when using the web, is your data. Some of it will get used by marketing companies trying to target advertisements, but that’s mostly given to them by navigating their sites and accepting their cookies anyway. Personal Identifiable Information (PII) is under a company’s responsibility to protect and could bring consequences if given, sold, or distributed to other parties without the person’s permission. Laws such as Europe’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) help safeguard consumer’s data when online and can enact dire consequences on those who don’t comply with these regulations. Breaches involving ransomware can put organizations into these precarious situations and launch investigations into how an attack happened.
In addition to potentially losing access to your data and systems, another risk of ransomware, as with many other cyberattacks, is the reputational, liability, and operational risks. Companies store tons and tons of data that cause problems when leaked, including their business prospects. Wouldn’t you want to do business with a company that keeps your data secure? Obtaining new customers and retaining existing customers becomes a challenge when a company makes a headline for being under attack. Lawsuits can also arise for damages caused by data breaches, especially if customer data was affected or even sold through an attack. The operational risk is inherently great as well because if confidential files get exposed about how a company runs, competitors would take advantage of this information and ruin whatever competitive edge the breached company had. The good news is that there are some ways to prevent such attacks.
Employee and company training on how to avoid clicking on dangerous links, opening suspicious emails, avoiding untrusted sites, using VPN, and other cyber security measures will play a big role in keeping ransomware from invading. Making sure your systems, servers, third parties, and computers have the proper security softwares in place is also key. Insider attacks can happen, so it’s important to give access to critical systems to only those necessary and adding secure entryways into important areas. Also make sure your third party vendors go through the same training as your employees to ensure they also deploy cybersecurity practices when dealing with your data. With people working from home these days, it’s important that employees use their VPNs and multi-factor authentications to identify and protect them and the company. Having an engineer team on standby for when things do go wrong doesn’t hurt. The more precautions you take, the better off you’ll be.
As a whole, society needs to bolster the security of the internet and virtual infrastructures. More advancements in technology, such as VR and digital wallets (really everything), will continue to put people’s data and information at risk. The more dependent we are on the digital universe and uploading our whole lives, the more vulnerable we become. As cybersecurity professors around the world can be heard saying to their students, it’s not a matter of if, but when an attack will happen. You can do the most to protect yourself and sometimes the bad actors out there still find a way. With great technology comes great responsibility! We must deploy cybersecurity best practices when it comes to using the world wide web, especially when it involves our personal identifiable information (PII) and sensitive (confidential at times) information. As long as we take these precautions, we can keep ourselves, companies, and data safer. The more we stay informed on best practices when online, the more protected ourselves and society will be, especially when it comes to our valuable data.
