Since the start of the pandemic, with the increase in home working, the number of global ransomware attacks has dramatically increased. This means it’s vital for you to think about the best ways to protect your organisation from an attack and to put measures in place so that if you do fall victim, this would be either having the appropriate cyber prevention solutions in place to isolate the infection and prevent it from spreading or to ensure you can restore systems quickly from backups without paying the attackers.
Hybrid working: The scale of the ransomware problem
The UK government cyber security survey published in March 2021 reported that:
- 39% of all businesses suffered cyber security breaches or attacks in the previous 12 months
- For medium-sized and large businesses the figures were even higher, at 65% and 64% respectively
- One in five of those who were attacked ended up losing money, data or other assets and a third reported that attacks had other negative impacts, such as the extra cost of implementing new security measures, the loss of staff time and wider business disruption.
The survey also showed that the move to home working during the pandemic has made it harder for businesses to implement cyber security measures. With a rapid change to digital infrastructures to maintain business continuity, here was an increase in the use of Virtual Private Networks (VPNs) and cloud servers. This meant many organisations faced completely new security challenges and working conditions.
Home working made it more difficult to upgrade hardware, software and systems, so 17% of businesses said they didn’t have up-to-date malware protection and 22% hadn’t set up network firewalls. 32% of large businesses also said employees were using unsupported laptops at home.
In short, the changing working conditions caused by the pandemic led to more cyber security risks – an environment that ransomware attackers have taken advantage of.
The changing nature of ransomware attacks
You might think a ransomware attack that steals data from your systems is the same as a burglar breaking into your home, stealing something valuable and leaving. In fact, attackers have been seen to wait a number of days after they infiltrate a network before activating any ransomware making restoration from backups futile.
When cybersecurity firm FireEye studied attacks between 2017 and 2019, they found 75% had been delayed – sometimes by as much as 299 days. This gives attackers the chance to make sure they haven’t been detected. It also gives them time and time to infiltrate as much of the system as possible.
This approach gives attackers the opportunity to steal as much sensitive corporate data as possible from their victims. Why? Because they don’t aim to simply lock users out of their data until they pay a ransom. Instead, they’re more likely to threaten to post business-sensitive data online, which could damage brand reputations.
How can you protect the business?
The bad news about the delaying tactics from ransomware attackers is that they often target your back-up systems first. This means that when you become aware of an attack, you have no way of avoiding the consequences.
It is a good idea to keep your back-up systems separate from the main servers. In particular, you need to keep them on a separate network to your main business systems and use different passwords for them. One approach is to have a local back-up, with an off-site mirrored back-up system. The mirrored back-up will be important for disaster recovery, but the local back-up will make it easier and quicker if you need to restore files, folders and large amounts of data or even the whole system.
Of course, if you’ve been the victim of an attack, it’s vital to check all your systems thoroughly, because the attackers could still have access to your network. In one case, an organisation paid around £6.5m to recover files, but didn’t do the necessary checks and two weeks later the same attacker used the same method to infiltrate their systems again and they had to pay out a second time.
By regularly testing and checking your network and systems and acting quickly if you’re the victim of a ransomware attack, hopefully you can avoid the worst consequences.
Blocking ransomware
The good news is that if you can detect security breaches quickly, you could save your organisation from a lot of damage and cost. There are now tools available that can provide end-to-end visibility, powerful analytics, and automated responses across your complete technology stack to stop sophisticated attacks.
Concerned about ransomware attacks? Talk to us
If you’re concerned about the on-going threat of cyber breaches in your business, we can help you decide on the best way forward. We’ll discuss how to protect your business and will look objectively at your organisation, systems and security needs and work with you to develop an effective security plan.
If you would like to speak to us about any aspect of this article, contact Andrew Wayman at andrew.wayman@sdt.co.uk or call our office on +44 (0)1344 870062.