Every few years or so, a new threat surfaces and becomes the attackers’ “go-to” method of attack. Just a short while ago, advanced persistent threats (APTs) topped every headline – and organizations raced to stop these attacks where attackers would hide and move laterally across the network once they’d gained access.
Next to phishing, ransomware is undeniably the most successful and profitable style of attack for cybercriminals. It's estimated that last year alone, ransomware scams cost victims nearly $1 billion worldwide. And it’s no wonder it’s become so successful – it is based on the old-fashioned criminal model used by gangs and the mafia for many years, newly available in a digital format. Digital transformation is alive and well for businesses and criminals alike.
The ransomware attacks we’ve seen recently represent an even bigger threat: instead of collecting your money and then leaving your organization alone, some new variants are known to destroy your data as opposed to encrypt with no means of recovery. Which leaves us wondering what the next evolution could bring. Could it be a new tactic where the victim is forced into making ongoing payments to keep their data available knows as “protectionware?”
The impact of these attacks is far reaching. It’s not just your hard-earned money that is at risk, it’s also your reputation, viability, and jobs. These impacts can be devastating, especially for a smaller business that may not have resources in place to quickly recover. On top of losing a company’s hard earned money, the downstream effects also impact the business. A couple examples include:
- A police department in Texas got hit with ransomware and lost eight years of evidence, potentially causing criminals to be set free.
- The San Francisco Municipal Transit Authority had to shut down their commerce system for two days costing them $50K in lost revenue.
- The Washington DC police lost 70 percent of their surveillance cameras leading up to the Presidential inauguration leaving a gap in security.
Given the significance of the ransomware threat, we wanted to dig in a little deeper. We conducted a short survey during the month of April that focused on ransomware, including the biggest concerns and how far reaching the threat might be especially in the mid-market. The survey garnered more than 1,000 responses from a broad set of organizations – ranging from 1-10,000 employees in size, with the largest percentage (18.1 percent) of responses coming from organizations with 101-250 employees – based across the Americas and EMEA.
The results were eye-opening. Not surprising, an overwhelming majority, 92 percent of people surveyed are concerned about ransomware hitting their organization. It seems like these fears are well founded – nearly half, or 47 percent of respondents had been a victim of ransomware themselves. Of those ransomware victims, 59 percent were not able to identify the source of attack. Unfortunately, this isn’t surprising, many organizations are often unaware that their network had been breached at all, never mind where the breach occurred. However, of those 41 percent who could identify the source, 76 percent reported that the ransomware attack came through email. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors. These findings underscore the importance of layered security for email – at the gateway, for internal messaging, and certainly for one of the most often overlooked areas, education for employees who can be the weakest link when it comes to protection against threats such as ransomware.
For those using SaaS applications, the results were particularly interesting as they relate to built-in security functionality on those applications. For example, 70 percent of respondents do not feel that Microsoft Office 365 meets their needs to protect against ransomware, emphasizing the value of third-party security solutions. In fact, nearly 60 percent of the respondents are using 3rd party security solutions, like Barracuda Essentials for Office 365, to augment native security features, suggesting that organizations only feel safe using the application with the addition of security solutions.
So how can you protect yourself from these risks? Here are some tips to ensure you don’t become part of the 47 percent of respondents from this survey who were victims of ransomware:
- You are never too small to be a target: A common misconception is that small and midsized businesses think they are unattractive attack targets and by default, safe. In reality, these organizations are often more prone to attacks as they’re assumed to have fewer staff, technology, and resources to combat targeted attacks.
- Secure everything: Digital transformation brings about enormous opportunities for businesses in the way of productivity and cost savings, but it also opens the door for broader attack surfaces and more sophisticated and targeted attacks. Modern advanced attacks typically exploit several vectors – as our research suggests, malicious emails remain a key focus area for attackers using ransomware. The best defense is a great offense – and organizations must take a “secure everything” approach to protect themselves from modern attacks. In order to do this and to protect against smarter breeds of malware, like ransomware, organizations need Advanced Threat Protection (ATP) across all threat vectors. Barracuda delivers Advanced Threat Protection as a cloud service, which means that each ATP enabled solution can employ the intelligence gathered by the others. This makes processing faster and more scalable. A network firewall alone is not enough, just as an email security gateway alone is not enough. As organizations look to benefit from virtualized and cloud networks, it’s critical to ensure the same security and access controls are in place there as with your on-premises infrastructure.
- Enforce, monitor, educate: User behavior can be your weakest link, and it is inevitable that someone will eventually click. However, education is a critical piece of a solid data protection strategy as attackers increasingly look to exploit “human networks” in targeted phishing and spear phishing campaigns.
- Recover from attacks with minimal disruption: When all else has failed, you need a plan to recover your data quickly. Typically for ransomware, the best approach is to devise and implement a comprehensive backup recovery plan that will allow you to recover all your encrypted files with minimal effort.
It’s important to note that even if you’ve already been hit, you’re not immune from future attacks. In fact, some attackers might view your organization as an easy target and begin making plans for an attack with even greater consequences. This means it’s never too late to re-evaluate your security strategy to protect your organization.
At Barracuda, we’ve built our business around helping customers protect their users, applications, and data – regardless of where they reside. With more than 150,000 customers worldwide trusting us to defend their organizations against threats such as ransomware, we have a unique global view of the evolving threat landscape. Protecting customers from ransomware is a top priority for us – whether that is through our community work with coalitions like No More Ransom (nomoreransom.org), or via our portfolio of security and data protection solutions, we remain at the forefront of securing our customers’ digital transformation.
Hatem Naguib serves as Senior Vice President and General Manager, Security Business at Barracuda. He has global responsibility for Barracuda's complete portfolio of award-winning, cloud-enabled security products that span network, content and application security. He brings more than 25 years of experience in high-tech companies building innovative products in enterprise software, cloud services, data center virtualization, software defined networking, and security. Follow him on twitter @hatem_naguib.