Ransomware Attacks Are Far from Over
By Ryan Weeks, Chief Information Security Officer, Datto
Contrary to some recent reports, ransomware attacks aren’t decreasing among small and midsize customers; instead, they’re transforming, as malicious hackers become smarter and more sophisticated with how they carry out their attacks. Increasingly, attackers are discovering new ways to go unnoticed, increasing dwell times. And they’re finding new approaches thanks to successes and failures learned from prior attacks, making encrypted files more difficult to recover.
It remains crucial for MSPs to communicate to SMBs that the threat of ransomware isn’t going away: Just two months back, a survey conducted by CIO Dive revealed that about 81 percent of cybersecurity experts agree there will be more ransomware attacks in 2018 compared with 2017. Multiple reports, including from Verizon’s Data Breach Investigation Report, cited how attacks in 2018 have increasingly focused on servers, and the authors point out that attackers are also looking to extend malware beyond one infected system. In the same CIO Dive survey, email, followed closely by the internet of things (IoT) and mobile devices, were noted as the most threatening attack vectors in an organization’s network.
Beyond email, attackers are leveraging files as a means of carrying out ransomware attacks. Furthermore, they are now slowing down or randomizing the encryption process, helping them to avoid discovery as technology and detection tools continue to improve.
What does this all mean for MSPs and the SMBs they support? Here are a few considerations that MSPs might want to think about when having discussions around ransomware attacks and other cyber threats and how SMBs can protect their businesses:
- Communicate reality and correct misperceptions on ransomware attacks: The worst thing an SMB can do is become complacent and view ransomware attacks as a thing of the past. They’re not, and as an MSP, you need to continually discuss with clients the current threat landscape and ways that they can safeguard their data, and explore the range of solutions they might want to have in place to protect the business.
- Encourage appropriate cybersecurity staff training: As highlighted in this article, the way ransomware attacks are being carried out is evolving. As such, it’s important to train SMBs on the changing nature of ransomware attacks and encourage appropriate – and ongoing – staff education. The more employees know what they should be on the lookout for, the less likely they are to succumb to such attacks.
- Offer appropriate technology solutions that help SMBs protect their businesses: As the saying goes, “If you think education is expensive, try ignorance.” In 2017 alone. SMBs paid out just over $300 million in ransom, according to Datto’s State of the Channel Ransomware Report. Having appropriate antivirus and anti-malware software in place is imperative, as is a backup system in place to ensure that files, records and data can be accessed if need be. Other safeguards include adding security-authentication software, ensuring patches and updates are installed, and keeping abreast of next-gen security tools. If they think that protection is expensive, try losing all their data.
Finally, as an MSP, you need to keep up with your own knowledge of changes in behavior of your customers’ employees, and how their businesses are evolving, so that you can help them prepare for the next emerging threat.
As CISO, Ryan Weeks is responsible for directing and managing Datto‘s Information Security program. Ryan spent 11 years securing enterprise applications, systems and sensitive financial data at FactSet Research Systems.