There was a time not so long ago when CFOs only had to worry about budgets and finances. However, CFOs are finding that their sphere of influence is expanding. Now, they have to work with other C-level executives and their teams to build the business of the future. Take for example cybersecurity, a process once left to the CIO or CISO, or even to the IT team. However, the threats have evolved and changed against businesses. This means those preparing for The Future Office of the CFO have to be aware of the potential disruption to the business caused by a cyberattack. Nowhere is this more true than with ransomware. It can impact all levels of a business, disrupt supply chains, and lead to unexpected financial liabilities.
Ransomware: The Beginning
Ransomware attacks are on the rise. It seems that more and more organizations fall victim on a daily basis. Unfortunately, ransomware attacks are not a new phenomenon. The concept of digital extortion has been around for some time. One of the first documented ransomware attacks came along in the late 1980s. It began with using floppy disks to infect systems with the PC Cyborg Virus, also known as the AIDS Trojan Virus.
The late biologist, Joseph Popp created the AIDs Trojan virus. The virus was distributed via floppy disks labeled “AIDS Information – Introductory Diskettes.” Around 20,000 infected disks were distributed to attendees of the World Health Organization’s AIDS conference. The virus worked by hiding directories and encrypting files on the PC’s hard drive. Then, it displayed a message requiring those infected to send $189 to a Panamanian PO Box used by the PC Cyborg Corporation to get the key to unlock the computer’s data files.
Tipped off by the British anti-virus industry, New Scotland Yard issued an arrest warrant for Dr. Popp. He faced charges of 11 counts of blackmail. They quickly analyzed the virus. Software tools were made available to restore data on infected systems. Some 32 years later, ransomware remains a major problem.
The Growth of Ransomware
Ransomware has evolved significantly over the last 32 years. It has become a worldwide scourge, with costs expected to reach some $20 billion in 2021, according to Cybersecurity Ventures. However, that number only represents the amount of ransom expected to be paid out. The overall costs are most likely much higher. There are costs for remediation, cybersecurity software meant to prevent ransomware, and loss of productivity. There’s also a potential cost associated with damage to an organization’s brand and reputation. Those costs can add up, especially when one considers the average attack costs some $200,000 according to the National Security Institute.
Many different factors have contributed to the growth of the ransomware phenomenon. For example, the growth has stemmed from how easily it can be distributed. Additionally, the rise of cryptocurrencies, such as bitcoin, has contributed to the spread of ransomware. This makes it impossible to track down those demanding ransoms.
Furthermore, ransomware has become a big business for organized cybercrime. With the availability of Ransomware as a Service (RaaS), developers can sell or lease compact, easily deployable, and scalable malware toolkits to individuals and groups who want to stage cyberattacks. That means anyone who has access to the dark web can buy a ransomware kit and deploy it for quick and easy profit.
Now, more than just cybercriminal organizations can get into the extortion game. Businesses and organizations may have to start worrying about disgruntled employees or others planting ransomware from the inside of the network. A scary thought for those already dealing with insider threats.
Today, an attack seems inevitable for almost any organization. After all, the news often mentions a large organization falling prey to a ransomware attack. It covers how those organizations have to pay the ransom to quickly get their data back. Many of those headlines mention ransoms of millions of dollars, as well as other threats posed by cybercriminals.
Understand How it Spreads
For example, some cybercriminals not only threaten to leave files inaccessible but also threaten to reveal company secrets they gathered as part of a ransomware attack if they don’t pay a ransom quickly. Other cybercriminals escalate the amount of ransom demanded as time goes on. Simply put, ransomware is no longer something that we can ignore, with businesses relying on luck or some sense of security to protect them. However, all is not lost. Businesses can protect themselves from ransomware by understanding how infections can happen and what steps to take to keep the ransomware threat at bay.
There are numerous vectors making computers vulnerable to an attack. One of the most common attack vectors comes in the form of phishing, where an attacker uses an email attachment to target the victim. That attachment usually masquerades as a trusted file, perhaps a document, spreadsheet, or some other common file type used by the victim. The idea here is that the victim accesses the file, which then launches a payload to infect the computer. From there, the malicious code goes to work in the background exploiting security holes or using other tricks to gain access.
Intruders are those who hack their way into an organization’s network to gain access to a critical system. Intruders launch some of these ransomware attacks. Those intruders leverage security flaws, attempt to take over accounts, or look for unpatched systems to break into a network. Another attack vector comes in the form of malicious code delivered by a website, referred to as a “drive-by-download”. A visit to a website can result in inadvertently downloading a malicious code that the browser then executes.
Preventing Infections and Attacks
Keeping ransomware at bay may seem like a herculean task. However, those who are armed with basic knowledge of cybersecurity can become part of the solution. Adopting some basic best practices can go a long way in helping secure the network and prevent ransomware attacks.
- Staff: It is critical to train the employees of an organization about cyber hygiene. Any employee, partner, supplier, or vendor that connects to the network must be educated about cyberthreats. That means providing measurable cybersecurity awareness training. With the majority of ransomware attacks coming through via phishing or social engineering tactics, properly educated people can help defend the network.
- Technology: Deploying a layered defense protects data, endpoints, gateways, and hosts. It also offers defense from multiple attack vectors.
- Process: Creating a risk management plan becomes critical to prevent attacks. In addition, policies and rules to control access to systems, data, applications, and devices are also essential in threat prevention.
- Protection: Regular backups, which you can protect from attacks, prove to be a remediation path if an attack occurs.
- Knowledge: By working with other departments, you can better understand how they use data throughout the organization as well as protection methods.
In today’s world, cybersecurity is no longer limited to the IT department. Effective cybersecurity requires that everyone in the organization participates, from the C suite on down.