Global news headlines over the last 12-18 months have underlined the very real and growing threat of cybercriminal activity, and of ransomware in particular. Last year’s events alone, the WannaCry and ExPetr ransomware attacks, are a reminder of just how crafty cybercriminals are becoming, and how their attention is consistently turning towards the business world.
In fact, in 2017, 26.2% of those targeted by ransomware were business users. Furthermore, in Q1 of 2018, our research shows an 8.5% increase in ransomware attacks in the Middle East, Turkey and Africa (META) region, in comparison to Q1 of last year. What’s even more concerning is that the exploit used in the WannaCry outbreak, EternalBlue, is still impacting users. According to Kaspersky Lab data, in the year from May 2017 to May 2018, more than 2 million users were attacked by the EternalBlue exploit.
With ransomware-based attacks expected to increase, what can local businesses do to ensure they don’t fall victim to the growing ransomware threat?
A true cybersecurity approach
Cybersecurity in the digital age should no longer be viewed as a siloed activity that only requires some protective software installed on a business server with the aim of preventing a cybersecurity incident. Executing a cybersecurity strategy that is truly effective requires the business to invest in cyber threat intelligence services, supported by proven technology solutions.
This gives the business the foresight it needs not just to prevent cybersecurity incidents from happening, but to predict, detect and respond to threats flexibly and in real time, ensuring a full scope of protection, constantly.
Know your landscape and adapt as needed
Cybercriminals seldom rest. Rather, their work and tactics only evolve as technology advances. Ransomware exists in many different modifications, each posing a potential risk to an unprepared business. Organisations, even those following a true cybersecurity approach, therefore need to stay abreast of the latest cyber incidents impacting business. With this, they need to apply the patches offered for an existing exploit and review, in a timely manner, where any potential vulnerabilities may exist within their infrastructure, to plug any gaps as necessary.
Regularly back up data
Although most businesses have data backup structures in place, how many run regular checks to ensure backups are taking place frequently and effectively? Ensuring business-critical and sensitive data is backed up accurately, and of course securely, should form a key component of a business’s true cybersecurity strategy. Having the data backed up can allow a business to respond to any form of ransomware attack in a timely manner and initiate the required steps to avoid further damage.
Never pay the ransom
While it can be very tempting to pay the ransom to get that business-critical (and often sensitive) data back, ‘giving in’ to cybercriminals is not encouraged. Paying the ransom only supports their efforts to advance in cybercrime. Over and above this, there is never a guarantee that all the data and files being held to ransom will be restored safely.
With the rate at which we are seeing ransomware attacks advance and take place, it can be daunting for a business to get this approach to cybersecurity right internally. Partnering with an external service provider who specialises in this field, and who can provide the threat intelligence needed for effective protection, can really benefit a business wanting to avoid falling victim to ransomware.
By Riaan Badenhorst, General Manager, Kaspersky Lab Africa