What is unpredictable, impossible to stop, and potentially extremely dangerous for your company? It’s the ransomware attack – a type of malware used for data kidnapping: the attack encrypts the victim’s data and asks for money in exchange for the decryption key.
A survey conducted by Osterman Research on behalf of Malwarebytes in June 2016 revealed that 54% of organisations in the UK had been targeted by ransomware attacks – in 20% of the cases, the attack was so violent and intrusive that it stopped business immediately. The most targeted industries were the healthcare and finance sectors, which cannot risk losing their data – for them it was a matter of life and death.
To pay or not to pay?
Consequently, 58% of organisations hit by ransomware paid the ransom. Even if at first glance paying seems the obvious way to get the files back, how can ransomware victims be 100% sure that the data have not been manipulated, or that back doors have not been added to grant the cyber criminals free access for further attacks? And what happened when organisations refused to pay the ransom? 32% of the organisations that refused to pay lost the data that had been kidnapped – without the decryption key it is very hard, if not impossible, to decrypt the files. It’s best to have backups.
Ransomware exploits companies’ weakest link: employees
What was the entry point for ransomware attacks? 39% of organisations hit by ransomware said it came through an email. In the best scenarios, this only affected the endpoint of entry; in the worst (10%), all of the company’s endpoints were hit. Cyber criminals target employees because they are considered the weakest link. 29% of companies said that the attack hit lower-level staff and 42% said it hit mid-level managers. This is possible because of a lack of awareness: 76% of UK adults don’t know what ransomware is, according to ISACA research.
Raise staff awareness to protect yourself from ransomware
The ultimate barrier is your employees. Faced with a malicious email or insecure website, it’s up to your employee whether or not to click the deceptive link. I agree with what Andy Buchanan, the Country Manager UK at RES Software, said: “The top priority for a company concerned about ransomware is its users. Cyber criminals understand the environment they are attacking, and that employees are often the weak link. Using phishing campaigns, workers can be tricked into clicking insidious emails. […] companies have a duty not to place blame, but to educate their staff.”
Make cyber security and educating employees a priority
Train your whole staff with a cost-effective and time-saving solution: e-learning courses. They save you accommodation and travel expenses, and they don’t require your staff to be gathered together. Each of your employees can attend the course from wherever they are, at any time, and as many times as they need. Choose from:
- Information Security e-learning course – designed to help employees gain a better understanding of information security risks, this course addresses issues like information security at home and at work, and includes a chapter on phishing.
- Phishing e-learning course – designed to raise employees’ awareness of phishing attacks, this course provides guidance on identifying phishing attacks and the measures to take to avoid falling victim.