You have probably grown numb to the nonstop reports of businesses hit with ransomware. And you think to yourself, “these are all large businesses so I have nothing to worry about. I’m too small. My data is not that important. They have bigger fish to fry. It will not happen to me. Besides, I have antivirus and a firewall in place so I am secure, not to mention a backup program running”.
Business owners who think this way are going to be in for a big, unpleasant surprise. First off, while you read a number of headlines detailing how larger businesses are being hit with ransomware, what you don’t hear about are all the smaller businesses that are being hit as well. They don’t make the news. Nobody cares about ABC CPA firm getting hit, but they will care about one of the major firms being hit.
And you may think to yourself, it is more efficient for cyber criminals to target a larger business as the payouts will be substantially larger. This is where the dynamics of the cyber crime industry may not be overly clear. Let’s take a step back for a moment. A cybercrime business is a business just like yours. The only difference is that what they are doing is illegal. The cybercrime business has evolved into a very sophisticated ecosystem. It is almost like a dark franchise system. You have your large development groups which offer their software to the cybercrime community, typically in exchange for some revenue share off of the proceeds.
This has made it much easier for would-be cybercriminals to get into the business. And there are speciality “vendors” popping up offering services that make it even more efficient for cybercriminals to carry out their attacks. There are groups who specialize in gaining access to networks, and they “sell” their access levels to cybercrime groups, making it all the more easier to deploy ransomware. There are other services as well. For example, selling services that allow cybercriminals to easily wage phishing attacks against their targets to deploy their exploit.
Another trend now takes its idea from the managed IT services provider world. A managed IT services provider uses tools that allow them to efficiently monitor and manage their client’s networks. The cybercriminals are developing their own version of these tools. Tools are being developed now which allow a cybercrime group to install remote agents into their target devices and automatically deploy their exploits. It is, in a dark way, an evolution of the cybercrime business model to a more mature and efficient business model.
As a result of these factors, it does not take the cybercriminal that much effort to set themselves up in business and begin deploying malware, and they can do so efficiently among both large and small businesses. And, as with all software, it will evolve and get better. Others may offer “competing” tools which may be better than what is out there now. All of these factors add up to a greater probability that you will get hit with ransomware, as it is becoming so much easier for a cybercriminal to do, and will get even easier as time goes on.
Now, your business and its data is not important to the cybercriminal, but they are important to you. How much will you pay to get your business back up and running again? You may have no choice but to pony up quite a bit of money. Financial incentive is the primary motivator of cybercriminals, and if they know they will get top dollar from every business they hit, it amounts to a huge payoff for them. You can rest assured that this will keep them very motivated to hit your business, if they have not done so already.
And be careful of relying on, say, antivirus or a firewall, to protect your business. While these tools have their place, no one security solution is going to provide you with complete protection against the cybercriminals. Cybercriminals are very persistent and will keep trying and trying to get into your network. This is why it is important to have a multi-pronged cybersecurity strategy in place, and not just rely on a few security tools and hardware devices. At some point they will get past all these, and it will be game over if you have not developed a strategy for dealing with them getting through to your network.
And you say you have backups. That’s great, but when was the last time that you checked them? Do you monitor them to make sure they are running? Do you periodically do test restores to make sure they are working? And what if the criminals do what is called exfiltration, which is taking a copy of your data, and threaten to expose it? Now the backups are useless and you may be compelled to pay up anyway. Or perhaps the cybercriminals found your backup and deleted it.
The cybercrime community is a very active, dynamic community with great financial motivation looking for ever more efficient ways to deploy ransomware to businesses and other organizations. I caution you to take the cyber threat very seriously, regardless of how large or small your business is. If you don’t and do not take the proper preparation, you may find yourself out of business when the cybercriminals finally hit you. There are three types of businesses: those that have been hacked, those that will be hacked, and those that have been hacked and don’t know it yet. Proper preparation is key to weathering the cyber attack storm. If you would like to learn more, let’s have a conversation.
