Businesses must face the decision of not when, but how they are going to prevent ransomware attacks and secure their data. Rely on in-house teams or outsource to third-party security specialists.
Cybercriminals have a new way to extort money from ransomware victims. Not only will they charge you for a key to decrypt your data, but they’ll add a second charge to prevent them from leaking the data they stole. But how sure can you be that the key will work or the data won’t be leaked?
A recent report shows that 92% of businesses who pay ransomware don’t get their data back, and many businesses are now also paying to not having data leaked online.
Prevention is always better than cure
Prepare your business in advance by raising the levels of your cybersecurity defences because at some point your business will come under cyberattack. The severity and damage are up to you and the decision-makers in your business to decide.
- Just how hard a hit are you prepared to take?
- Is it possible to stop them?
- Can you limit the damage once they’ve broken in?
Yes – Early detection is key to minimising damage. Proactive and real-time monitoring for anomalous behaviour through the deployment of a Security Operations Centre helps thwart an attack before it gets started.
Yes – Recover from an attack with tamper-proof DR and back-ups in place that cannot be damaged by the attackers (a common tactic is to corrupt both primary and backup data). Your business will be up and running again in hours, not days or weeks, although you still have to deal with the possibility of leaked data.
How best to prepare for this threat is the thorny problem facing business directors today, made more difficult by the pandemic and complex Brexit regulations.
Why has the threat of ransomware increased so significantly?
Cybercriminals are exploiting businesses for profit and they are making huge sums of money from it.
They can do this because the tools required to effect a ransomware attack are becoming commoditised and now any criminal can buy Ransomware as a Service on the dark web and begin exploiting targets. They can even buy the break-in, subcontracting the intrusion to specialist teams who do the initial attack work, then hand over the route in to their client.
Ransomware attacks have become serious threats to all businesses (image sourced from McAfee)
Law Enforcement organisations around the world are pushing for businesses not to pay fines. Many now want to make it illegal for ransomware demands to be paid. This is another challenge for directors to navigate if their data is stolen and gets held to ransom.
GDPR and financial regulatory compliance
There is also another issue – company directors face penalties for failing to discharge their regulatory duties for not properly managing cyber risks. GDPR penalties alone for example are up to £20 million or 4% of annual turnover.
Businesses are having to make complicated decisions about their online security, weighing up the costs of investing in cybersecurity versus the financial impacts of being hacked.
Investing in cybersecurity must now be a top priority for ALL businesses, regardless of size.
So how do you improve your Cybersecurity?
Well, there are a few tried and tested methods, unfortunately, they are unlikely to be a match for professional cybercriminals:
- Assign the task to the IT Manager: They’re already stressed enough dealing with Covid and digital transformation. Cybersecurity requires a very specific set of skills, it cannot be just part of a general IT remit. Specialists are trying to break-in, you need specialists to keep them out.
- Hire an Information Security Manager: Hiring and retaining an Information Security Manager is a difficult task. The skills are very much in demand and salaries are at a premium. Once you’ve found someone, how will you make the job interesting enough for them to stick around? In a specialist role, it’s difficult to create a suitable career path for the post holder. Lastly, how do you cover holidays, training, and sickness? The bad guys don’t stop, you can’t either.
Of course, if you have the size of a business where you can justify the expense, you can build a complete IT Security team to provide a Security Operations Centre (SOC) 24×7 level of cover across your whole business.
A typical SOC team would employ:
- 1 Security Manager
- 1 Incident Responder
- 1 Threat Hunter
- 4 Security Analysts
Average industry salaries for these roles are about £60,000 – therefore 7 x £60,000 = £420,000. And, that is before the price of detection tools, maintenance and support costs, or running a Security Information and Event Management (SIEM) system to coordinate all the activity.
Why bring in third-party Cybersecurity experts and a SOC to your business?
Because they have the deep knowledge and skills required to mitigate the effects of an attack.
One solution to this challenge is to outsource as much of the work as possible to ISO 27001 and Cyber Essentials accredited experts. This way you can access the state of the art systems, a team of experts with a wealth of experience in preparing for an attack. The right security partner helps you prepare against an attack through internal IT audits, hardening any vulnerabilities identified, and working with your team to develop the process design. Once you’re ready for the SOC level of cybersecurity defence, they proactively monitor systems on your behalf, updating them as new threats emerge, and detecting attacks before they’re able to move through your network.
The Digital Craftsmen and Armor SOC partnership:
The Digital Craftsmen and Armor dovetails two cybersecurity experts into one seamless cyber defence for businesses.
Two layers of cybersecurity on one SOC
If you want to find out more about how to bring SOC-as-a-service to your business as the vital first line of defence your business needs to have to prevent ransomware attacks, contact our craftsmen on 020 3745 7706 or email [email protected]