If small businesses have one thing in common, it’s their ability to move mountains with very few resources. While this can help them become better disruptors and innovators, when that mentality is applied to an IT or security strategy, it can often result in costly, brand-tarnishing cyber-attacks.
One particularly nefarious attack method growing in popularity is ransomware, a type of malware that targets critical data and systems for the purpose of extortion. In April of last year, the FBI released a statement underscoring the threat ransomware poses to organizations, as the payoff tends to be greater than when targeting individuals. The Department of Justice has also taken a defensive stance on ransomware, reporting that there has been a 300 percent year-over-year increase since 2015.
I recently had the honor of moderating a roundtable on ransomware in San Francisco where experts across the industry came together to share their perspective on the changing cybersecurity landscape. After a lively discussion, they laid out the steps SMBs need to take to prevent these types of attacks in the future. Here’s what I learned:
1. Ransomware-as-a-service (RaaS) is on the rise: RaaS isn’t just another buzzword to add to your lexicon; it’s a growing method of cybercrime that enables the everyday, non-technical user to download ransomware and use it against victims. Why should SMBs be concerned? This is but one example of hackers broadening their swath and making it easier for the layman to carry out a devastating attack on your business.
2. The landscape has shifted from credit card theft to ransomware: While credit card fraud was the fad a few years ago, cybercriminals have pivoted to extorting money from businesses by taking control of their files and data. Oftentimes it isn’t about stealing data – the broader trend is extortion for a fee. This is a direct fraud attack unprecedented in the history of cybercrime.
3. Keep your eyes on the Internet of Things (IoT): Small businesses and enterprises alike are increasingly expanding into IoT. But as the market continues to surge, recent large-scale attacks on connected devices have moved security to the forefront of the conversation. In October of last year, Mirai, a malware variant, turned thousands of IoT devices into bots aimed at carrying out a distributed denial-of-service (DDoS) attack against a number of companies. As these devices grow in usage, so does the opportunity for exploitation.
4. First and foremost, have a plan. I talked at length about how small businesses can protect themselves from ransomware attacks in my last article, but one invaluable piece of feedback echoed at the event was to have a plan of attack. Gather key business decision makers and discuss:
- Where are your employees located?
- What are your most mission-critical assets?
- What is your backup plan in the event of an attack?
Prioritizing the conversation around security should be the first step – but for many small business owners, it’s also the hardest. In closing, Brett Hansen, vice president of endpoint data security and management at Dell, emphasized that small businesses should view cybersecurity in the same light as they do physical security. Only then can we move beyond attack response to a mindset of prevention.