You won’t hear a lot of cybersecurity companies like ours talking about it, and you wouldn’t guess it from the news, but ransomware attacks are actually on the decline. In the first couple of years of its popularity, ransomware was everywhere and growing fast. Few were prepared for it, so attacks could be carried out on a massive scale and still be effective. 2017 saw a 70% decline in its use. So does this mean ransomware is going the way of the floppy disk drive?
Unfortunately, ransomware attacks are still the modern-day shakedown that organizations of all sizes face. That’s because while the quantity of attacks has declined sharply, the quality has become downright scary. Attacks have gone from random, widely cast nets that caught only the companies and individuals who would fall for their social engineering to laser-focused, smart attacks that require only one employee to make a single mistake over the course of weeks or even months of relentless and varied attempts.
How did a big city like Atlanta get breached?
It is still unclear precisely how Atlanta was breached and whether the city has paid the $51,000 ransom to regain its data. However, we serve a variety of government clients, and we constantly see attacks that, if successful, could cause damage similar to the Atlanta attack. These are attacks that cybersecurity experts look at and wonder if even they would fall for them, much less the least technology-savvy employee in a government office.
The fact is, compared to most organizations, government agencies have more data and fewer resources to protect it with. Having worked with governments of various sizes around the world, we get what the obstacles are, and while it can sometimes be frustrating as a taxpayer, those obstacles are totally valid.
Perpetrators of ransomware attacks are increasingly large organized crime syndicates instead of random individuals. If they want to get a password to a critical system out of your most gullible employee, they are going to. What you must do as a city leader is ensure that even with a password, the criminals can’t do much damage.
What can I do?
Multi-factor authentication, which I wrote about last week, is one of the best ways to make sure only authorized users can get in, but there are also systemic protections like Advanced Threat Protection (ATP) and Data Loss Prevention (DLP) from Microsoft. ATP blocks harmful messages from being received in the first place, identifies information leaving your business, and alerts you when something sensitive is sent or prevents it from being sent. Also, be sure that your email domain has an SPF (Sender Policy Framework) record set up for it.
In general, it’s important to know that an ounce of prevention is way better than a pound of cure when it comes to ransomware. There are plenty of tools to help keep your organization safe; you just need a partner or employee with experience using them to find the balance between absolute protection and keeping systems usable without being too onerous for users.
PSA: don’t pay the ransom if you can help it. It only makes the problem worse for everyone and more than half the time you don’t get your data back after paying a ransom anyway.
Did you know that breaches like the one that happened in Atlanta last for a mean duration of 140 days? What could someone learn about your company if they had access to your email for 140 days?