Ransomware: How to keep your company protected from data hijacking.

In the world of information security, 2017 will be marked by ransomware attacks, a method also known as data kidnapping, in which relevant user and company information is encrypted and becomes inaccessible. Criminals then demand ransoms of around R$400.00 to restore access to the kidnapped information, although this amount can vary considerably depending on the size of the company and the importance of the data stolen.

Experts point out that this type of attack is becoming more widespread and will have new variants throughout the year, potentially affecting cloud-based backup services as well. Estimates indicate that the profits of criminals carrying out this type of attack should reach values close to US$ 5 billion throughout 2017.

A study conducted by Trend Micro found that 51% of Brazilian companies were victims of ransomware attacks in 2016. Another worrying finding from the research is that 56% do not have technologies for monitoring and detecting suspicious behavior or attacks on their network.

Ransomware attacks have become so common that they've even turned into a subscription service, where any internet user, without needing any technical computer knowledge, can launch the attack. This service became known as "Ransomware as a service" or "Crime as a service".

According to data released by the FBI, in 2016 alone, losses caused by ransomware attacks reached US$1 billion in the United States. And estimates suggest this number will increase significantly in 2017. Imagine, then, the risks for Brazilian companies, where 50% lack preventative measures against this problem.

Companies that suffer this type of attack are subject to various problems and losses: from total data loss, in cases where there is no backup or release of access to the hijacked files; to the interruption of systems, computer networks, and operations relevant to the business, such as customer service.

To understand how important it is to take steps to reduce risks, try to imagine the impact that data loss could have on your company!

Unfortunately, there's no way to be 100% protected against ransomware. However, it is possible to map the risks and take measures that significantly reduce the chances of the problem occurring.

An attack can occur in very different ways. Let's look at some of them:

  • Email messages:
    • Phishing, for example, using fake promotions.
    • Infected attached files.
  • Attacks on user accounts and servers with weak passwords.
  • Hacked websites that are used as platforms for attacks.
  • Publishing fake news with links to harmful websites.
  • Posting harmful links on social media.
  • Online advertising, including on social media and search engines like Google.
  • Via apps and SMS on smartphones and tablets.
  • Disgruntled and vengeful employees in companies.

Ransomware can arrive in quite different ways, but it is possible to reduce the risks with some measures:

User training

Users are undoubtedly the main entry point for most viruses and cyberattacks in companies. Most professionals fail to identify potential risks, such as a fake email message, and end up clicking on malicious links or opening infected files; when this happens, it is very difficult to prevent the attack from occurring.

Therefore, it is important to provide regular training to employees, focusing primarily on how to identify threats and the potential risks to the company and its professionals. We suggest downloading this material, which addresses safe ways to use the internet.

Define a policy for using strong passwords.

Weak and insecure passwords are a recurring problem for internet users; after all, who hasn't used passwords related to dates, addresses, and family members, even for important accounts like banks or email? But the problem is that criminals know this and exploit this vulnerability extensively, with systems that repeatedly test password combinations until one is discovered.

Fortunately, this problem is simple to solve; just create rules for using passwords longer than 8 characters, combining uppercase letters, lowercase letters, numbers, and preferably keyboard symbols, with periodic password changes, for example, every 3 months. I also suggest downloading this guide on using secure passwords and user accounts.

Email inspection and anti-spam services

We know that fake emails are frequently used in attacks. To mitigate the risks, it's essential to first have anti-spam services enabled for corporate email accounts. This will ensure that a large portion of potentially harmful messages are blocked and never even opened by users.

In addition, we also recommend email inspection, where the content, files, and links of email messages are evaluated, and any suspicious item will cause the email to be blocked. This filter can be considered complementary and even more intelligent than spam control.

WebFilter services and navigation control

These services allow you to manage what users on the corporate network access on the internet, preventing them from browsing harmful and malicious websites. It is important that this browsing control is based on the reputation of the websites, so that it can efficiently identify sites that pose risks.

There are dozens of different services for controlling navigation in companies. Lumiun Tecnologia is an excellent alternative because it has a simple and affordable implementation, and at the same time is easy to manage.

Keep systems always up to date.

Criminals study potential vulnerabilities in systems and exploit these flaws for attacks. That's why virtually all systems have updates that fix potential vulnerabilities.

It is essential to keep all software up to date, including your operating system, antivirus, and other installed programs.

Avoid remote access to computers and servers on your network.

Keeping your company's computers and servers reachable from outside the network is the same as leaving the gateway to your data open; this practice, combined with the use of weak passwords, is fatal, making it easy for criminals to access your company's data. Therefore, allow this type of access only when absolutely necessary.

Internal monitoring of user behavior

This is a solution generally based on Machine Learning, which uses data and system intelligence to detect unusual behavior within your network, both by users and equipment. Any suspicious activity can generate an alert for those responsible, for example, users copying business data or downloading programs from the internet that are unrelated to the company's activities.

Backup and backup monitoring

Having a copy of relevant company data is fundamental. But more than that, it's necessary that the backup policy be constant and efficient, with daily backups and storage media distributed in different locations. A good option is the use of cloud backup services.

If your company's data is hijacked, paying the ransom to the criminals is not recommended. That's why backups are so important for restoring your information. Don't let the situation happen where you need your backup and only then realize that the saved data is from the previous month – unfortunately, this situation is more common than you might think.
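The stale-backup situation described above can be caught by a scheduled freshness check. The following is an added example, not part of the original article: it assumes each backup copy lands as files in a directory, and the location names, the 26-hour threshold and the rule that a zero-byte file counts as a failed job are all illustrative assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_HOURS = 26  # assumption: daily backups plus a 2-hour grace period


def newest_backup_mtime(location):
    """Modification time of the newest non-empty file under location, or None."""
    mtimes = [p.stat().st_mtime for p in Path(location).rglob("*")
              if p.is_file() and p.stat().st_size > 0]  # 0 bytes = failed job
    return max(mtimes, default=None)


def check_backups(locations, now=None, max_age_hours=MAX_AGE_HOURS):
    """Map each backup location name to OK, STALE, EMPTY or MISSING."""
    now = time.time() if now is None else now
    report = {}
    for name, location in locations.items():
        if not os.path.isdir(location):
            report[name] = "MISSING"  # unmounted disk or wrong path
            continue
        mtime = newest_backup_mtime(location)
        if mtime is None:
            report[name] = "EMPTY"    # nothing restorable here
        elif now - mtime > max_age_hours * 3600:
            report[name] = "STALE"    # the job silently stopped running
        else:
            report[name] = "OK"
    return report


def locations_to_alert(report):
    """Names of locations that do not hold a fresh backup."""
    return sorted(name for name, status in report.items() if status != "OK")


if __name__ == "__main__":
    # Constructed sample: one fresh copy, one copy last written 30 days ago,
    # and one location ("cloud") that does not exist at all.
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for name, age_days in (("local-nas", 0), ("offsite", 30)):
            folder = Path(root, name)
            folder.mkdir()
            backup = folder / "data.bak"
            backup.write_bytes(b"constructed sample")
            os.utime(backup, (now - age_days * 86400,) * 2)
        sites = {n: str(Path(root, n)) for n in ("local-nas", "offsite", "cloud")}
        print(locations_to_alert(check_backups(sites, now)))
```

A fresh timestamp only shows that the job ran; a periodic test restore is still needed to confirm the copy is usable.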

 

As we can see, measures to prevent ransomware attacks are relatively simple to implement and do not require large investments, considering the risks and losses that potential problems can generate. It is also important to understand that these measures are organized in layers, primarily focusing on prevention, and extending to what can be done in the event of data hijacking.

Ultimately, investing in information security is key to preventing greater losses for your company. Don't wait until your data is compromised to take preventative measures.
