Cybersecurity is becoming an issue that is impossible to ignore yet extremely complex in its nature. In order to know what steps to take to safeguard their systems and mitigate the risk of a security breach, business leaders must first understand what – and where – the biggest risks are.
Tripwire, Inc. recently announced findings from research it conducted that revealed nearly all of the information security professionals surveyed agreed that ransomware attacks will increase in 2016, with 56 percent of respondents also saying naming ransomware as one of the top three cybersecurity risks threatening their companies. And although they are aware of the prominent threat ransomware poses, just 22 percent of the participants reported feelings of confidence in their ability to recover from an ransomware incident without sensitive data being compromised or lost.
“While prevention is the goal for every organization, being able to respond to an infection is every bit as important,” Tripwire Senior Security Research Engineer Travis Smith said in the press release. According to the Tripwire announcement, in the first three months of this year alone, ransomware attacks generated more than $200 million, indicating that hackers may obtain at least $1 billion by the end of 2016.
The real risk of ransomware
Network World reported that one of the biggest ransomware threats has been one of the most recent, CyrptoWall v3, which in itself has cost users across the globe at least $325 million so far. Some of the most popular ransomware attack schemes involve spear phishing, which is when cyber criminals use malicious code links sent through emails. These deceitful tactics are aimed at employees who falsely believe the message is coming from a credible source.
“Both the frequency and intensity of ransomware attacks is on the rise.”
When opened, the code encrypts sensitive and important files and essentially makes data impossible to access for its rightful owners unless they pay the criminals a ransom fee. And it’s not just desktop computers that this is happening through; it is also occurring through channels such as SMS messages. Furthermore, hackers are now able to access virtually any of the smart devices increasingly being used by businesses and individuals, from mobile phones to home security systems.
There are a handful of other vectors of attack that companies should be aware of, which were highlighted by CNBC. For example, ghostware and two-faced malware. These schemes make it so hackers can penetrate networks and access sensitive data and information, but in a way that cannot be detected and makes identifying the hackers incredibly difficult, preventing suspicions of their presence. Other versions include blastware, which shuts down a system once detected, and what is known as headless worms, viruses aimed at devices such as smartwatches and phones.
It was also noted by CNBC that growing cybersecurity threats lie in machine-to-machine learning and the Internet of Things. It seems that as our connectivity increases, so does our susceptibility to cybersecurity attacks. There are nearly 7 billion connected devices being used this year, the source reported, but this is expected to jump to a whopping 20 billion over the next four years.
Best practices for cybersecurity and preventing attacks
It is expected that the threat of ransomware and other similar types of attacks is going to intensify and increase over the next few years. To avoid falling victim to such a security breach, businesses must take a number of steps to ensure computer protection and information security. For starters, there need to be multiple layers of defense safeguarding computer networks and devices. Antivirus software should be regularly monitored and updated and data should be backed up on several different platforms.
However, it should also be noted that unprotected or outdated systems are not the only source of security vulnerabilities. One of the biggest threats a company has that puts it at risk for an attack or data breach is its internal users. Lack of cybersecurity awareness and training can put organizations at a significantly higher susceptibility to cybercriminals. As Tripwire’s security engineer pointed out, security doesn’t just mean taking measures to prevent the attacks, but providing training and guidance on how to handle incident response in the event that an incident occurs. And this should be done throughout all levels of the organization, especially considering ransomware schemes like spear phishing happen primarily through emailing employees.
“Companies should definitely enforce more security policies,” Fortinet Global Security Strategist Derek Manky told CNBC. “Security’s becoming a board level discussion, so that’s already happening and it should continue to happen.”
At the National Cybersecurity Institute, we offer cybersecurity education programs and training courses that teach how to deal with the ever-evolving world of information security and threat intelligence. Business professionals of all levels can choose from our extensive list of IT and cybersecurity preparation courses, including the (ISC)2 Certified Information Systems Security Professional (CISSP), or take a specialty course, such as the Cybersecurity Awareness for Supervisors and Managers.