While businesses are still trying to navigate the effects of the COVID pandemic, there is another pandemic that is spreading across the globe.
In 2020 there were over 304 million ransomware attacks worldwide (Statista.com), and in the first half of 2021, the volume of ransomware attacks is up over 151%. The COVID-19 pandemic led businesses to increase the capabilities for remote workers, but with this change came the additional vulnerabilities of having a distributed workforce.
We have all seen the headlines caused by the ransomware attacks affecting oil pipelines and health care centers. What goes unreported are the millions of other attacks on small and midsized businesses where the only choice for these organizations is either to go out of business or quietly pay the ransom demanded.
Many organizations feel that they are too small to be targeted by these groups looking for large payouts, but what they fail to realize is that many of these attack groups are branching out. They are leasing/renting the code used in these attacks to individuals or smaller groups in return for a percentage of the ransom returns they generate.
The average ransom payout for a small business is $5,900. Businesses report that the average down time from these attacks is 21 days (Coveware, 2021), leading to a loss in revenue and damage to their brand.
Ransomware is most commonly spread via malware, it is estimated that about 1 in 6,000 emails contain suspicious URLs, including ransomware (Fortinet, 2020). There is also an alarming trend in number of ransomware Trojans being discovered on mobile devices, and Kaspersky reported in 2020 that over 4.2 million American mobile users have suffered ransomware attacks on their phones.
All businesses need to implement a plan that will help mitigate the threat posed by this pandemic of ransomware attacks. There are several measures businesses can begin to take reduce the threat posed. The first thing businesses should do is have a security assessment done for their IT networks. These are normally provided free and can take between 7-10 days. This normally is done by installing a temporary security appliance that will analyze all the network traffic coming in and out of your business.
As part of this assessment, an organization should receive a report showing suspected vulnerabilities and recommendations to correct them. With these recommendations, businesses can accurately weight the costs of prevention versus the risk posed by inaction.
IT Hardware Plus, a Fortinet Business Partner in Elgin, has been providing these cyber threat assessments to clients free. The report will provide an executive summary highlighting the security and threats posed to their business, along with details on user productivity. Also included are detailed analyses on at-risk hosts and overall network performance.
The idea that ransomware attacks are only affecting large organizations with deep pockets has been disproved, and all businesses need a plan to thwart these malicious actors.
Contact us today for a free assessment.
• Michael Deacon is Fortinet Product Manager for IT Hardware Plus, LLC. https://www.ithardwareplus.com/partners/fortinet/