Ransomware has long been a menace, and some have even referred to it as the digital plague of our time. The constant barrage of cyberattacks in the last few years has raised concerns, particularly for organisations that must get to grips with the tactics used by threat actors trying to gain access to their networks.
Cybercriminals have no remorse for their victims so long as they get their ransoms paid. According to one report, the average ransom demand increased by 144% in 2021 to US$2.2 million, while average payment rose 78% to US$541,010. This just goes to show how lucrative and effective ransomware can be.
But what is causing these organisations to fall victim to ransomware? Looking into the top causes for ransomware, KnowBe4 revealed social engineering to be the most successful vehicle for hackers to dupe victims. Social engineering involves cyber threats like phishing via email, smishing via text message, vishing over the phone, or a combination of any of these tricks to get employees to click on a malicious link. We have even seen examples of employees being offered bribes to install ransomware.
Now, there is no silver bullet in cybersecurity that will magically prevent all these threats. You cannot just throw money at technology alone to try to fix the problem. Organisational policies and procedures need to bake in security. The most important strategy that needs to be adopted is to develop and increase user awareness of ransomware threats, which can help create an added layer of security for the organisation.
Do not rush; security takes time
It can be difficult to trust the process of building security awareness. It can feel like an obstacle that could be avoided by investing in security technology alone. Yet, decision-makers have to realise that a positive security culture is an enabler for business operations. Without this element, you will be left vulnerable. It cannot be viewed as a “nice to have” feature or an afterthought just to tick a compliance box.
Dedicating even a small amount of time in a week for security awareness training can make a difference. Having the workforce learn about security policies, best practices and the tell-tale signs of ransomware and other threats, from a variety of resources and tools, will help.
People are just as important as the tech
Empower your employees with the right knowledge to make a difference. Within the organisation, they should be viewed as security enablers who can be an integral part of any security program. Do away with the stigma that they are the chinks in the security armour, as this only happens if they are not properly trained.
Security training can be inexpensive and does not need to eat into the security budget, as there are plenty of free or cheap resources to aid security teams in getting the message across. Better yet, these resources come in a variety of formats, from videos and quizzes to checklists and articles. There are even security policy templates that can be downloaded for free. All it takes is a quick search on the internet. Yes, these may be basic or rudimentary and may lack the glamorous features you would get by purchasing a subscription with a vendor, but they can definitely help form a foundation of security awareness to build from.
Free tools are available
As mentioned, organisations of all sizes should utilise the free security training tools available to better prepare the workforce against ransomware and other cyber threats. For instance, try ransomware simulators to test the preparedness of the business, assessing how the team would manage such a scenario. Look at password checkers that are widely available for free to see the security effectiveness of the passwords being used in the organisation. There is a plethora of free security hygiene and best practice modules that cover all these areas and more. You can even get security vendors to provide free security consultations with free scans of the network and infrastructure to flag the biggest risks. Yes, a sales call may be required, but having this conversation can save you both on costs and resources, while making you more secure.
Ransomware is a huge issue and there are no signs of it slowing down so long as it is effective, and since criminals are seeing a return on their investment, it will be here to stay. Thankfully, there are options – some of which are free – to help organisations reduce the risk of being impacted. Make security a business priority and give the workforce the knowledge and ammunition to defend against these social engineering threats.
To give you and your organisation a head-start, KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has created a resource kit as part of a month-long effort in July to increase awareness of ransomware. Some of the resources for download include a Ransomware Master Class, Ransomware Rescue Manual, infographics, posters, digital signage and more.
To download the KnowBe4 Ransomware Awareness Month Resource Kit, visit www.knowbe4.com/ransomware-resource-kit?hs_preview=jWLYMIeR-76301550774