While hacking, data theft, and corruption dominate the headlines, the threats to businesses posed by cyberattacks stretch far beyond the digital realm. Consumers are increasingly concerned about the security of their information that is held by companies they patronize and are negatively influenced if they believe a business is not adequately protecting data. A PricewaterhouseCoopers survey found that 87 percent of consumers are willing to take their business elsewhere if or when a company has a data breach.
In the wake of highly publicized attacks, business expenditures for cybersecurity reached $123 billion in 2020 according to the research firm Gartner. At the same time, studies conducted by the insurance firm Hiscox found that more than 70 percent of businesses are still unprepared for a cyberattack. The rapid race by businesses of all sizes to leverage technology to improve efficiency and gain competitive advantage has brought with it an unprecedented host of complex threats that most are ill-prepared to protect themselves against.
For centuries, entrepreneurs have had to overcome physical threats such as fire, flood, and theft to avoid being the next shop with a “Going Out of Business” sign in the front window. These risks were largely visible, tangible, local, and not likely to change quickly over time. By contrast, threats to digital assets are everything that physical risks are not. They are virtual, invisible, global, and rapidly evolving. Mitigation strategies that are effective against a particular computer attack right now might be rendered permanently obsolete in the next few seconds.
While the world’s consumers create a seemingly insatiable demand for connectivity and 24/7-anywhere access to information of all kinds, businesses are racing to stay relevant in an increasingly tech-dominated world. Unfortunately, security is the often-overlooked component of this race forward, falling victim to budget constraints, ignorance, and apathy.
As technology evolves, so do the threats to its security. The first hackers often focused on gaining access to systems just to prove they could. Damage to, or theft of, data was rare. Much has changed in just a few short decades. Modern cyberattacks are coordinated, sophisticated, and well-funded operations often run by criminal enterprises or even nation states. The goals of exploiting security weaknesses are largely financial, but also increasingly include corporate or political espionage.
Of all the modern cybersecurity threats, ransomware has rightly dominated the headlines. In the simplest terms, this attack traditionally involved “kidnapping” the victim’s data in place by encrypting it with a password only known to the attacker. The data was technically still on the victim’s systems; however, it was completely inaccessible. The key to unlock the data would ostensibly be provided after the victim paid the demanded ransom. Attackers would indiscriminately attempt to infect millions of computers without regard to the importance of the systems, or the potential victim’s ability or desire to pay the demanded fee. Surviving a traditional ransomware attack was largely a mixed bag. Sometimes victims paid the ransom and regained access to their files; sometimes the ransom was paid and the key was never provided; and, in some cases, even the attackers lost track of how to decrypt the files. For years, mitigation steps for ransomware relied heavily on restoring lost data from backups and eliminating the security gaps that allowed the attack to occur in the first place.
In the past few years, ransomware attacks have evolved into much more sinister and sophisticated attacks. Businesses and government entities are now the preferred targets, with a preference for critical infrastructure and services. The “kidnapping in place” model has also been modified to include the theft of sensitive data and attempts to establish long-term, persistent access to the victim’s computer systems that can be used to conduct further malicious acts. Stolen data is increasingly being used to further extort the victim through threats to release it publicly if the ransom is not paid. This was recently highlighted when the Washington, D.C. Police Department was attacked by ransomware and the attackers subsequently posted police officers’ personnel records and street-gang intelligence information on the Internet when their demands were not met.
Contrary to the beliefs of some people, ransomware attacks can be prevented, mitigated, and recovered from. Like the attacks themselves, cyber protection and prevention mechanisms are rapidly evolving and necessarily must be complex and comprehensive. The need for sophisticated prevention, protection, and response mechanisms places modern cybersecurity outside the reach of traditional information technology departments and do-it-yourself operations.
Ransomware prevention, like all other cybersecurity, requires a multi-faceted approach from numerous disciplines. There is no single tool, software, or procedure that can do it all. The following list highlights a comprehensive methodology for ransomware prevention and preparedness:
• Be proactive. Recovery after an attack is more difficult and expensive than preventive measures.
• Engage cybersecurity specialists
• Conduct periodic vulnerability assessments and penetration tests of all networks and systems
• Remediate all known and identified security gaps
• Create, test, and utilize comprehensive disaster recovery and business-continuity plans
• Create and test full, offline backups of all critical data
• Create, test, and utilize incident-response plans that address cybersecurity threats
• Establish retainer agreements for cyber-incident response specialists
• Budget appropriately. Security costs are necessary and recurring.
Cyberattacks and risks to data security represent a clear and present danger to the ability of companies of all sizes and sectors to grow and prosper. A single attack against an ill-prepared business can cause crippling recovery costs and damage customer confidence beyond repair. The takeaway from the many entities that have suffered and recovered from cyber incidents in the past is that it does not have to be a death sentence. In the end, those that are proactive, plan, and prepare will be the ones most likely to survive and thrive in this rapidly changing landscape.
Tony Martino is co-founder and chief operating officer of Anjolen Inc. Contact him at Tony@anjolen.com.