Recent ransomware attacks have many companies scrambling to ensure that they're following cybersecurity best practices. The WannaCry worm infected PCs in more than 150 countries. Only a month later, the Petya attack locked users out of their computers until they handed over $300 in Bitcoin to regain access.
While the scale of these latest attacks may be unprecedented, this issue has been rearing its ugly head since at least 1989. Because many companies neglect to patch security holes in their systems and to update their software, hackers can take advantage of advanced tools and technology to break in.
Are the attacks lucrative? Yes. Symantec found that the average ransomware attack made $1,077 in 2016, up 266 percent from the previous year. Paying the requested ransom only encourages further attacks.
The current threat landscape demonstrates that these types of attacks may become even more widespread. While ransomware criminals used to target individuals, increasingly sophisticated techniques now allow them to bring down entire networks.
To prevent these advanced attacks, businesses need to be on guard and implement cybersecurity best practices. Make sure that your operating system is kept updated. Send out a company-wide communication whenever an update becomes available, along with an explanation of why it is important to stay on top of updates.
As ransomware attackers are skilled at masking viruses as harmless communication, ensure that employees have adequate guidance in identifying malicious emails and attachments. This may take the form of a mandatory on-demand training module. Employees should know to evaluate a sender's address and to red-flag anything with egregious typos and grammatical errors.
However, no matter how thorough the training, employees may still be unsure about certain emails. Keep a clear line of communication so employees can ask, rather than defaulting to their individual judgment. Designate a point person within IT who can help.
Despite all this proactive activity, ransomware may still find its way into your organization. Just in case, you'll need to keep regularly updated backups. Make sure these backups aren't kept connected to your network. If they are connected, there's a chance that they, too, will become infected.
Implementing and staying on top of cybersecurity best practices is the best way for your company to ward off ransomware attacks.