Ransomware attacks have been in the news a lot recently and are affecting companies of all sizes and industries. Why does this keep happening when the repercussions are so profound? We give you 5 simple reasons.
1. There Are Many Vulnerable Targets
Ransomware doesn’t discriminate when it comes to choosing their target. Attackers know that small and medium-sized businesses (SMBs) and local governments, due to their limited resources, are a good place to target because they have so much to lose, and usually don’t have safeguards in place to prevent or recover from the attack.
A recent Bleeping Computer article reported that 70 percent of ransomware attacks targeted SMBs with an average demand of $116,324, and State Scoop reported that two-thirds of ransomware attacks in 2019 alone have targeted state and local governments, with Lake City and Riviera Beach paying up to $1.1 million collectively.
2. Companies Are Willing to Pay Big Bucks to Access Their Data
Think about how much revenue your company would lose if you lost access to your data for one hour? One day? Over a week? What if you lost access to confidential records of your patients, students or employees? You would probably be willing to pay a high price to get it back quickly.
Hackers know the potential damage this could cause, and when the ransom is getting paid in the millions, they have more motivation to gain access to your data.
3. Attacks Are Becoming More Complex
One of the best ways to prevent a ransomware attack is to know how to spot one. Often times these attacks come linked in an email, but they aren’t always easy to spot, especially when they look like they’re coming from brands you trust like Microsoft, Amazon or Netflix.
We almost went through this recently when receiving an Office 365 email that looked very real. A good tip is to check your links before clicking on them on a plain text editor to make sure they’re safe.
However, training your users to be experts at identifying malicious links in email can be a daunting task. Consider using a resource like KnowBe4 to identify users that are vulnerable to phishing attacks.
4. Top Management Does Not Put Emphasis on Data Protection or Recovery Testing
In many cases, upper management doesn’t see the value of investing in proper data protection or recovery testing. Lake City for example just experienced a huge ransomware hit where they were forced to pay out $460,000. Lake City’s IT Chief pointed out vulnerabilities in the system years before but had no money to fix the issues.
Getting top management to appreciate and demand comprehensive and professionally managed data protection is key. Without buy-in from management the appropriate funding levels will most likely never be met, nor will it be communicated as a priority to IT staff that data protection is a highly valued objective.
5. IT Admins Are Not Always Well Trained or Certified in Data Protection
Although your IT staff may be highly trained in different areas, most aren’t highly trained or focused on backup and recovery. IT staff needs to have the training and time to focus on data protection even when other high priority IT initiatives invariably arise.
IT staff needs to be redundant with others trained and experienced so that when someone takes a vacation or takes another job, the data protection system is not neglected. Not having this expertise can also be a far greater cost.
How We Can Help
Ready to defend against ransomware for your business? Set up a time to talk to a backup and DR expert here: Fill out this form for more information!
