Is your business safe?
The ransomware industry has grown by 2,500% this past year. Criminals have found a high return on investment developing and deploying ransom software that phishes your employees, infects your network and shuts your business down until a ransom is paid (and there are no guarantees your files will be released once you pay the ransom!).
Today I want to voice my concern over failing cybersecurity strategies that businesses all over Philadelphia need to address in 2017 and beyond. There is no clear stop to cybercrime anytime soon, and many businesses are actually fueling a growing problem.
With the growing popularity of bitcoin, hackers are able to see high returns quickly and securely. With more incentive than ever (high profit margins, little investment, and massively successful campaigns), these criminals aren’t stopping their attacks on small to medium-sized businesses. With secure payment methods to get ransoms, little government oversight on cybercrime and limited to no enforcement of enacted cybercrime laws, would you expect crime to be declining?
Here are 3 of the big reasons why your business needs to put cybersecurity as a #1 priority for 2018:
Code is cheap—you might think that software programs are expensive, especially ones that are custom to your business. But one of the biggest reasons there are so many hackers and cybercriminals attacking businesses is that malicious code is cheap to buy. In fact, on the dark web this month, the average ransomware package sells for just $10.50!
Let’s say you’re a budding criminal that wants a big return. You invest in a virus for 10 bucks and follow a list of instructions (essentially, point and click instructions). You attach the virus to an email and start sending it out to a list of prospective victims (a list which you paid another 8 bucks for on the dark web). You do a little reconnaissance research on your victims: who they work with, what their hobbies are (simple stuff easily found on Facebook or LinkedIn). And you wait for victims to pop up from that list.
Simple as that. If you’re a criminal, you spend 18 bucks and wait for your bait to get gobbled up. You may optimize your campaign just as a marketer might with their sales campaigns, to make sure (1) people are opening their emails and (2) folks are clicking on your link bait.
On average 5-10% of emails get opened (but this can be much higher if you have a captivating subject or pressing email topic). And about 20% of links get clicked and attachments get opened when received from strangers—if someone just spoofed a sender address from Jane in accounting, the click rate may be much higher!
Your business gets infected. Your workers are down for hours to days. You hastily pay a ransom. You incur all the risk.
The cybercriminal invested 18 bucks, sent emails to a few thousand to tens or hundreds of thousands of prospects (amounting to maybe an hour’s worth of effort). With a 1% return rate, the criminal made enough to live for quite some time (and to realize that it isn’t that hard to get wealthy with cybercrime!).
Exploits are easy to find—Microsoft, alone, releases patches monthly (and recently has been doing so at a much accelerated pace). Many businesses don’t get around to patching their machines until months to years after a security patch is released (if they ever get around to doing it).
This leaves a big opportunity for hackers to reverse engineer patches (maybe spend a couple hours fiddling with code—which is something these folks are passionate about) and sell an attack for criminals to purchase (for a criminal, this is another 10 buck investment). Easy money for a coder (hundreds to thousands of their code packets sold) and good return for the cybercriminal. If your business isn’t even taking basic precautions to protect your data, be assured you’re playing Russian roulette with your cybersecurity!
Most businesses are not properly backing up their critical data—cybercriminals are beginning to realize that many businesses don’t have good enough backups of their data to be able to recover from a ransomware attack.
Even when your IT guy says that you’re getting backups, it doesn’t mean that they are actually working. He or she is likely seeing that backups are ‘On’ for your network. Your IT Support company or internal support should be testing backups to make sure they are working properly and that, in the event of a cyberattack, you can completely restore from a recent backup without a hiccup.
More and more businesses are realizing, when attacked, that they cannot recover. They end up paying large bitcoin ransoms, relying on chance that everything will be okay. Having a 3rd party audit of your backups will help you assess whether your IT Support team is doing everything they’re committing to.
Your Simple Cybersecurity Reality
It’s hard to digest, but the simple reality is that the ransomware and cybercrime industry is growing day by day, dismantling businesses with weak cybersecurity policies, strategies and infrastructure. Cybercriminals are raking in large pay days simply because businesses like yours are not taking proper precautions (or checking to see that your company mandates on IT Security are getting implemented).
Are you concerned about your business’ cybersecurity health? Contact Us TODAY for a free cybersecurity assessment!