Dynamic Business Logo
Home Button
Bookmark Button

Image credit: Markus Spiske on Unsplash

How to protect your business from the threat of ransomware

In 2021, the increased reliance on a remote workforce made ransomware, nation-states, social media, and other cybercrime attacks increasingly common. 

Moving into 2022, these are likely to become more sophisticated. Cyber-criminal have learnt from the last two years. As much of our lives remain online, understanding cyber-security is more important than ever for both individuals and businesses. 

McAfee, a global computer security software company, has predicted what form cyber-attacks will take in 2022. 

Raj Samani, fellow and chief scientist of McAfee’s combined company, said, “Over this past year, we have seen cybercriminals get smarter and quicker at retooling their tactics to follow new bad actor schemes – from ransomware to nation-states – and we don’t anticipate that changing in 2022. 

“With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information.”

Attacks become more complex

McAfee is predicting ransomware attacks will become more complex in 2022. John Fokker of McAfee said, “For several years, ransomware attacks have dominated the headlines as arguably the most impactful cyber threats. 

“The Ransomware-as-a-Service (RaaS) model at the time opened the cybercrime career path to lesser-skilled criminals which eventually led to more breaches and higher criminal profits.”

RaaS is a business model that sees ransomware developers lease their ransomware software. This practice gives wannabe cyber-criminals with few technical skills the ability to perpetrate attacks. 

Ransomware attacks are more impactful on small businesses than other types of cybercrime that target large corporations, the military or governments.  

Joel Camissar, Senior Director, Channels, Alliances and Cloud, Asia Pacific at McAfee Enterprise, said, “Ransomware is a malicious software (otherwise known as malware) that, once installed in a computer, locks access to your files, databases and applications, until you pay ransom. 

“Victims of ransomware are asked to pay a specific ransom to regain access to their systems – and the costs can vary. An individual may be asked to pay $500, while a small business might have to pay $500,000 or more.”

He continued: “In Australia, ransomware has grown in size and impact and poses one of the most significant threats to organisations today. According to the latest ACSC Annual Cyber Threat Report, there was a 15 per cent increase in the number of ransomware reports made last year. 

“If we look at the impact by industry sectors, a recent global report from McAfee Enterprise has revealed the most targeted sectors by ransomware in Q2 2021 were the government, followed by telecom, energy, and media & communications.”

Ransomware attacks on small business 

Understanding ransomware is vital to small businesses protecting themselves from attack. While ransomware criminals may target anyone from individuals to the government, small businesses often rely heavily on their stored data but don’t have the resources to deal with an attack. 

Mr Camissar said, “Ransomware is a type of cyber attack that targets companies big and small. But, while larger organisations have the manpower and investment available to put sophisticated IT security protections in place, small to medium businesses don’t tend to invest heavily in their IT systems, making them easy targets for cybercriminals. 

“Due to the lack of protections, these businesses don’t tend to have the right resources and skill sets to detect malicious activity proactively and only realise something has happened when it is too late.”

Businesses that rely on the data they store on computers are particularly vulnerable to a crippling ransomware attack.

“Given smaller organisations still house important data, taking advantage of a business with little to no protection is not only easy, but quick. Those businesses that suffer a ransomware attack do not always have a strategic recovery plan in place. Because of this, recovery from a ransomware attack could take longer and be more damaging for the business long term,” Mr Camissar said. 

Back to basics

Establishing an understating of ransomware within an organisation, creating a plan, and developing a recovery strategy is key to withstanding and avoiding ransomware attacks.

Mr Camissar said, “Prevention is key and in the longer term, more cost-effective. IT systems that detect malicious activity and arming your organisation with the know-how on how to identify malicious activity will help reduce the risk.

“Using multiple backups across various locations will help to avoid further data breaches in the event of a ransomware attack, supporting the idea that prevention is again the best approach for protecting small businesses.” 

By putting in place preventative measures, small businesses can save themselves the strife of dealing with a potential attack. Going back to the basics of online safety is key to ensuring cyber-security. By regularly backing up files, practising safe surfing and ensuring staff are aware of the risks, a small business can avoid becoming a victim of cybercrime. 

Mr Camissar said, “The best way to avoid the threat of being locked out of your critical business files and applications is to ensure you have backup copies, preferably in the cloud or on an external hard drive. The cloud in its entirety enables small businesses to be flexible and nimble in terms of an IT perspective.

“Secondly, practice safe surfing, and as cliché as it may sound, think before you click. Don’t respond to emails and text messages from people or organisations you don’t know, and only download from credible sources. This is important as the easiest way for cybercriminals to obtain access to a business’s computer network is via phishing emails that have malicious links or attachments.

“And lastly, provide regular security awareness training for your employees so they can avoid phishing and other social engineering attacks.”

Read more:Pandemic sees increase in ransomware crime

Read more:Cyberattacks and Ransom demands may hit a record high in 2022: Check Point Report

Keep up to date with our stories on LinkedInTwitterFacebook and Instagram.

What do you think?

    Be the first to comment

Add a new comment

Heidi Heck

Heidi Heck

Heidi Heck is a Journalist at Dynamic Business. She is a student at the University of Queensland where she studies Journalism and Economics. Heidi has a passion for the stories of small business, as well as the bigger picture of economics.

View all posts