It’s October, and that means it’s Cybersecurity Awareness Month – designated by the president of the United States and Congress since 2004 and created to help people protect themselves online against the growing number of threats to technology and sensitive data. Together, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
This year’s theme, “See Yourself in Cyber,” underscores the fact that everyone is responsible for staying safe online, because ultimately, cybersecurity is all about people. And there’s never been a more urgent need to fortify your security, due to the alarming rise in cybercrime, especially in the use of ransomware.
Not only has the FBI reported a 60 percent year-on-year increase in ransomware attacks, but many organizations are not at all prepared to defend themselves. According to Forbes, half of U.S. businesses have not put a cybersecurity risk plan in place, and keeping up with the increasing number of threats that are predicted over the next few years will be a major challenge. A July 2022 article from Dataprot reports that a ransomware attack hits a business every 40 seconds, largely due to phishing emails, which are behind two-thirds of these attacks.
Ransomware is just one type of malware among many other kinds that can affect your daily operations and business continuity. But ransomware is especially dangerous, because it’s designed to deny access to a computer system or to data you need until a ransom is paid. And all it can take is one wrong click on a phishing link or attachment to lock up data and disrupt services – internally and externally. It’s often spread through phishing emails or by someone unknowingly visiting an infected website. Either way, it can be devastating to both individuals and organizations. Here’s how ransomware works:
INFECTION – There are several ways attackers can find their way into computers. One of the most common is by someone clicking on a malicious link or downloading an infected attachment via phishing emails, which can often appear legitimate and quite safe. Attackers also use stolen login credentials to launch the malware via remote desktop technology, which allows them to gain control of someone’s computer remotely.
ENCRYPTION – Ransomware encrypts data in a way that doesn’t affect a system’s stability – but some variants can spread to other computers on the network. Worse yet, the malware can even seek out data backups to destroy them.
DEMAND – Typically, a computer user will receive a ransom note that explains what has happened and includes instructions for how to pay the ransom along with the consequences of not paying by a specific deadline. In some cases, the attackers will offer to decrypt one file for free to prove that the decryption keys work.
DOUBLE EXTORTION – As if losing access weren’t enough, advanced ransomware thieves double down on their leverage by extracting confidential data before encrypting it, then threatening to publicize it or sell it if the victim refuses to pay. This double extortion process pressures organizations into paying.
TO PAY OR NOT TO PAY – If victims don’t pay, they risk losing data forever and, in the case of double extortion, having their data exposed. But if they do pay, there’s no guarantee that the attackers will provide the necessary decryption keys, and in the case of double extortion, victims still have no way of preventing the attackers from selling or leaking the data.
This means that a ransomware attack is always a losing situation. How can you help protect your organization and your employees, along with others who partner with you, such as suppliers – not to mention your customers?
For starters, and per the recommendations from CISA and NCA, it’s critical to focus on the “people” part of cybersecurity, by having everyone in your organization do these four things:
– Enable multifactor authentication
– Use strong passwords
– Spot and report phishing activity
– Update your software
This is doubly important if your organization is working in a hybrid model with remote workers. Per data platform company Splunk, 78 percent of security and IT leaders say that remote workers are harder to secure, and 68 percent reported an increase in attacks during the ongoing pandemic. With so many more devices (including mobile) being used from a wide variety of locations, the potential entry points and opportunities for hackers to compromise your business have skyrocketed – providing access to steal data or disrupt your operation.
The good news is that you don’t have to go it alone when it comes to protecting your organization from malware. At Konica Minolta, our All Covered IT services division offers anti-malware protection solutions that prevent attacks from being successful and help you stay in business-as-usual mode to prevent downtime and disruption. Our anti-malware services provide:
One of the most important aspects of cybersecurity – completely in line with this year’s cybersecurity theme of “See Yourself in Cyber” – is making sure everyone in your organization is aware of the threats out there and knows what to look for to avoid potential security breaches. Being careful and cautious about clicking is rule #1 for any person who is online, and it’s the first layer of defense for your organization. That’s why we also offer Managed Security Awareness Training, which works to educate, train and actually phish your users so that they can develop more sophisticated cybersecurity skillsets. Our training programs help users with the safe use of email, social media, company software, data management systems and more through personalized, engaging training methods.
At Konica Minolta and All Covered, we’re all in when it comes to internet security. Stay tuned for more blogs about keeping your business protected during Cybersecurity Awareness Month as we cover a range of topics to help you stay on top of one of the biggest threats to your business – cyberattacks – the forms they take, the mess they can create, and how to stay safe in the age of “always-on” business.