For most of the world, 2020 was devastating, a year mired in multiple crises. But in at least one industry, 2020 was a banner year! Cybercriminals had a massively productive and profitable year, seizing opportunities to target the millions of people suddenly working from home. Most companies were unprepared to secure an entirely remote workforce, relying on remote desktop protocol (RDP) and strained VPN infrastructures, leaving workers ripe for attack.
Ransomware was particularly successful, with estimates that attacks cost businesses $20 billion worldwide in 2020. Unfortunately, ransomware has become both lucrative and easy to deploy, with sophisticated kits readily available on the dark web that require only a small investment and minimal coding skills.
Ransomware is also a high-probability attack from the attacker’s point of view; inevitably, an employee/contractor/partner will be fooled by a convincing-looking email containing a malicious link or attachment, which, upon execution, triggers malware that locks up files on the user’s computer and/or looks for ways to piggyback on existing executables and pathways in the network to find, access, and encrypt company-critical databases.
In successful attacks, affected organizations have to contend with loss of data; system disruptions; inability to serve customers for extended periods; and, in a few cases, a complete operational shutdown until systems, networks, or data are restored to serviceable levels. Needless to say, any company that falls victim to this type of attack is subject to financial, operational, reputational, and potentially regulatory consequences. In other words, the damage from a ransomware attack exceeds the impact on the network.
It is far superior to prevent a ransomware attack than to have to deal with the aftermath. Even so, some experts continue to say that the best advice for handling the threat of ransomware is to train users not to click on things and to maintain backups of all business-critical data and information.
While it’s true that if no person ever clicked on links or downloaded attachments, organizations would be freer from incidents. However, business isn’t conducive to never clicking or downloading, scrutinizing the contents and headers of every email, and questioning each correspondence received throughout each day. Disabling users’ ability to click on a link or download an attachment is one way of approaching the problem, but doing so comes with repercussions beyond cybersecurity—in the eyes of a business executive, the probability of a ransomware attack activated by a user’s click is far less than that person’s inability to do their job effectively if they can’t access important information. Even though ransomware is headline news, most non-security executives (at least those who haven’t lived through the fallout) would say their teams’ productivity takes precedence over the possibility of a cyberattack.
As for backups and disaster recovery plans, there is no doubt that every company should have them. Failing to do so is negligence, at best. All companies—at some level—will fall victim to a security incident or system outage, even if the impetus is unintentional and not instigated by a nation-state cybercriminal. Planning thoroughly for a disaster, however, does not erase the need for stronger ransomware protection.
In other words, even if a company can swiftly recover from a cyberattack (which is unlikely), it doesn’t mean recovery efforts should be the default position. A layered security defense means starting from the viewpoint that the company will execute its best efforts at implementing preventative security controls, An ounce of prevention is worth a pound of cure.
Learn more in this whitepaper: Defending Against Ransomware with Zscaler Workload Segmentation.