More than fireworks exploded as Americans were prepping for Independence Day celebrations as hundreds of companies awoke on July 3rd to yet another massive ransomware attack.
This attack attempted to cripple the networks of up to 200 companies and up to 1,500 downstream businesses. All signs point to it being the handiwork of a ransomware organization most likely based out of Russia, REvil, whose online presence has since been taken down. Their target Kaseya, a U.S.-headquartered company provides software to its IT outsourcing customers. Those IT companies then provide services to their clients – the up to 1,500 downstream businesses both small and large around the world.
According to a report from the Palo Alto Networks cybersecurity firm, the average payment to the group was about half a million dollars in 2020, a figure many small businesses simply can’t absorb. This latest attack demanded a total of around $70 million.
Cybersecurity experts point out that small businesses have a trickier time defending against such attacks, as they often depend upon the security of their suppliers and on the software that those suppliers use, versus their own internal security infrastructure.
What is Ransomware?
Ransomware essentially encrypts networks until the victims pay off the attackers. It is malware designed to encrypt or lock files and demands payment to regain access to them.
Ransomware is a crime and its creators seek to either make money or create chaos. Most often, the scheme is launched when users are tricked into clicking on deceptive links or by the exploitation of vulnerabilities in an organization's systems.
Some ransomware marks files for permanent deletion, with creators demanding ransom payments (often by cryptocurrencies like Bitcoin, as they are untraceable) to obtain the private decryption key needed for file access.
According to an NPR article, the United States suffered 65,000 ransomware attacks in 2020, or more than seven attacks per hour! Cybercrime such as ransomware is a problem that seems likely to only get worse. While Kaseya quickly advised its customers to shut down their servers running the affected software, small businesses would be wise to take a look at additional proactive data security precautions they should put in place.
Related Reading: The Evolution of Ransomware
Ouch! A Security Breach Can Really Cost Small Businesses
With margins often razor thin for many small businesses, a data breach can really pack a financial punch. The average cost of a data breach for a small business is $36,000 to $50,000, according to Security Magazine. While these figures don’t make the front page of the Wall Street Journal, they also can make or break the future of a small business, which is less financially prepared to take the hit of the associated costs. Not only can a business be subject to industry fines, but also the cost of an investigation, credit monitoring services for impacted customers, and more. These are all expenses a business can expect to pay.
What Can Small Businesses Do to Prevent Cybercrime?
According to the Global Security Alliance, some estimates indicate that 58 percent of cyberattacks are targeted specifically against small businesses. Phishing, malware, and ransomware attacks can have devastating financial, as well as PR consequences.
Small business or large, the chances of your organization being targeted by cybercriminals – whether for ransom or theft of the personal data that is invaluable to your business and customers are high. However, there are some key actions you can take to help mitigate your risks, such as:
- Define or refine your cybersecurity plan: Security starts with a plan of defense and action. Review your existing plan for any gaps and update it if needed. Need some inspiration, check out this article on how to revamp your organization’s cybersecurity stance.
- Start security measures from inside your business: Whether inadvertent or intentional, those inside your organization can cause a data breach when transferring data. Putting a data loss prevention (DLP) solution in place can help stop the transmission of data sent by mistake or hidden in metadata before it ever leaves your organization through content inspection that proactively detects and redacts sensitive information.
- Send files securely: You don’t have to be an enterprise operation to step up your game when it comes to exchanging files. A managed file transfer solution (MFT) provides a more secure way to transfer files and delivers automation ease and simplification. So, your users are more likely to adopt it instead of methods that are less secure, like email or unsecured FTP. GoAnywhere MFT delivers its secure file transfer solution with dashboard-ease and with automated workflows to make transferring files easier and more streamlined.
- Layer up for data security: One solution does NOT provide all answers when it comes to addressing cybercrime. Fortra’ data security suite delivers a robust portfolio of solutions to address encryption, secure file transfers, data loss prevention, data classification, and digital rights management.
These precautions, along with the usual advice: store data backups offline, require multi-factor authentication for network access, employ threat intelligence solutions to monitor network traffic, and more can all go a long way to not having to pony up to threat actors on the prowl.
Related Reading: The Biggest Cyber Risks Organizations Face Today
Guidance to Prevent Cybercrime from GoAnywhere MFT
This latest cyberattack is just another wave in an ocean of potential cybercrime. Arm your small business (or large) with knowledge, strategies and tactics to defend against. This guide, Defending Against Data Breach, will help you:
- Examine the problems that create higher risks
- Explore today's regulatory landscape
- Discover technical burdens that both management and IT teams face
- See how the right data encryption technologies can reduce the risk of data theft without hampering an efficient workflow
Getting inside the mind of a hacker or ransom demander can help you learn to better secure your data, protect the data your customers entrust to you and keep your customers’ information safe.
Want to See Secure MFT in Action Against Cybercrime?
Take 15, 30 or even 60 minutes depending on your unique business environment to learn how secure managed file transfer can add a layer of security to your cyber defense strategy.