2022: The Year of Ransomware

It's no secret that the last few years have been especially dire when it comes to cybercrime. Several large-scale ransomware attacks, in which cyber criminals use advanced encryption to lock a person or organization out of their own data until they pay a ransom, have rocked the country. In May of last year, a hacking ring attacked the Colonial Pipeline, based out of Houston, Texas, jamming gas delivery for a huge chunk of the U.S. Meanwhile in Cincinnati, a ransomware attack on Christ Hospital in 2020 compromised both patient and donor information when cyber criminals locked the hospital out of its fundraising platform. Luckily, according to The Cincinnati Enquirer, sensitive information like "Social Security numbers, health records and financial information were not obtained by the hackers," though they were able to obtain other information, like names and addresses.

As more and more companies are adopting a remote or hybrid model of work, reliance on computers and the internet has increased. This has opened more opportunities for cyber criminals to exploit systems that have not taken the proper measures to shield themselves. What can conscientious firms do to protect their data and assets?

Defending Yourself from Ransomware

Historically, people have relied heavily on state security agencies to police cyber crime. Peter Matuszak, a former investigative reporter for the Chicago Tribune, claims in a recent article for Toptal Insights that the current state of affairs requires private interests to be much more proactive in their own security. Paraphrasing Jurgen Stock, Secretary General of Interpol, Matuszak writes, "fighting ransomware has become a task too large for any organization or industry to do alone. Without a global response,... nothing can curb the exponential growth of the ransomware crime spree." He goes on to interview numerous cybersecurity experts to shed light on the grim realities of hacking today.

But what can firms do right now to protect themselves? Firstly, they should have established back-up procedures in place. Back-ups should be updated and tested on a regular basis, they should be encrypted, and they should be kept offline, so that malicious actors can't breach them.

Secondly, all organizations should have standardized security practices, and all relevant staff need to be trained on them. This includes everything from password security to two-factor authentication (2FA) to basic literacy on common cyber scams. Third parties and contractors should be subject to the same measures; if they're unwilling or unable to successfully follow those protocols, you shouldn't be doing business with them. Moreover, security drills and refresher training sessions should occur on a regular basis.

But What if I'm Attacked Anyway?

It's always a good idea to invest in cybersecurity insurance to cover your losses in the event you are attacked. Never pay a ransom demand. It only encourages future criminal behavior, and, as Matuszak points out, there's no guarantee that a criminal will return all of your data once you fork over the cash.

Lastly, every firm needs to have a robust recovery plan in place in the event of a breach. Protocols should be planned in advance, accessible, and easy to understand.

If all of this seems overwhelming, or if you're not sure where to start, then it's time to call the experts. Titan Tech can help you set up a sound security infrastructure, help you shop for products and insurance, and advise on policies once everything is set up. Cyber crime isn't going away, so there's no time to waste--contact Titan Tech today for a free consultation.

And stay tuned for more tech news.