Your backups protect against ransomware attacks – but the game is about to change again.
These days, data is the lifeblood of every organisation. If you lose access to that information, your business is in serious trouble.
All of this helps to explain the success of ransomware, a type of computer virus that permanently encrypts files unless you pay for the relevant decryption key. Although no one wants to pay a ransom, the fear of being left without data leaves few options.
Businesses get smart(er)
One of the few upsides to the current ransomware epidemic has been an increased understanding of the importance of a solid backup regime. Some businesses are finally investing in the tools and processes needed to protect their data from loss or corruption. Unfortunately, the majority of SMEs are still under-prepared, under-estimating the value of their data, and assuming the worst will never happen to them.
For well-prepared businesses, ransomware isn’t as terrifying as when infections were first discovered. They can simply restore their data from backup, and be up-and-running again in a matter of hours. Those SMEs lacking a proper data backup solution stand to lose a lot more.
Everything changes. Again.
Just like computer technology itself, cybercrime and malware techniques are constantly evolving. Every time IT security specialists develop a fix, criminals hit back with some other tool or hack, designed to keep money flowing into their pockets.
Ransomware is very lucrative – one cyber security specialist estimates individual criminals can net an average of $90,000 per year. But as businesses and individuals get better at dealing with infections, these hackers are seeing their income fall – so they will have to try something different.
The future of ransomware - your data published online.
In future, cybercrime will continue to revolve around stealing your data for profit. The method of ransom will change though. Instead of demanding cash for encryption keys, expect to see criminals secretly upload copies of your data and then threaten to sell data to your less scrupulous competitors – or more likely release it online where anyone can help themselves to your intellectual property, business information, employees and customer private details that you were entrusted to keep safe.
Exposing your data in this way threatens your operations, your profits and will destroy your business brand and reputation. Worse still, your backup regime cannot cope with this new strategy – once published online, there’s nothing you can do to reclaim that information or to stop other people copying and downloading it.
An even bigger problem awaits corporate ransomware victims
Should hackers expose the personal data held by your business, you could be in serious trouble with the Information Commissioner’s Office too. And as the new GDPR regulations come into force, the penalties associated are set to become a whole lot harsher.
Faced with a fine of up to 4% of your total annual global turnover, or a multi-thousand-pound ransom, most will choose to pay the criminals.
Rather than putting cash aside to pay ransoms, however, your business needs to be implementing security provisions and risk intelligence reporting to help keep the hackers out – otherwise, you could be in breach of the GDPR. Should the worst happen and your defences are breached, you can prove your efforts to meet GDPR requirements – and help to minimise any fines you may face.
The sad fact is that ransomware methods may change, but businesses will continue to fall victim to the criminals.
For more help and advice on meeting the challenges of the ransomware threat, please get in touch.