Most attacks in the past, both viruses and ransomware, were the “spray and pray” variety. Basically, the attackers would send out thousands (or hundreds of thousands) of emails and hope that a small percentage of them were successful. This procedure worked, but the success rate was low and the attackers had to have a large volume to make it successful.
The more profitable attacks that are on the rise are targeted attacks. These attacks rely on quality rather than quantity. Research goes into the attacks that then target a single or very few companies. These attackers will even go as far to check a company or institution’s financial information to see how much of a ransom they can expect to get.
In addition to demanding a ransom for the data to be decrypted, there is often a threat that the data will be released if the ransom is not paid. The threat of data being released can lead to the ransom being paid even if the target has a way to recover from the attack.
While many home users would hate to have their data released, it would not be completely devastating in most cases. If you are a financial, medical, or education institution, it could end your business or severely harm it. These institutions all contain sensitive information of their employees and clients.
For this reason, a recent spike has been seen in the UK involving their schools. Attackers are seeing schools as an easier target in today’s environment with the increase in remote learning. Banks and hospitals have been targeted numerous times before, and their main goal is to be as secure as possible, spending large amounts of money on it.
Schools and universities, on the other hand, are concerned with security, but they’re in a position today with COVID where they need to have fairly open access.
As colleges are pivoting to a distance learning model on a scale never envisioned, they have to allow more and more access in. This means more and more devices the schools have no direct control over, creating potential entry points into the network.
Although most of you reading this are not educational institutions, there is no industry or business (regardless of size) that is safe from a potential attack. Having a good network security system in place with effective backups is critical.
Don’t rely only on a day or a few days’ worth of backups either; some attacks will infect a system, then remain dormant for a while, hoping to outlive the backups you have available.
Having a technology partner who understands the dangers and how to recover is essential. You cannot just plug in a firewall and use an antivirus software and consider yourself protected.
Your business should have an incident response plan that includes backups and restore procedures, as well as testing. You also need to make sure you have a procedure to keep all of your systems up-to-date with the most current patches. Making sure any remote sessions are secure and using 2FA whenever possible is another area often overlooked too.
The list of vulnerabilities is endless, but we are here to assist. Let us provide you the security and comfort that your business is protecting not only your data, but your users from a potential breach.