In the past decade over 50 million Micro, small, medium enterprises (MSMEs) business are formed in India. These MSME firms fueling the economy and contributing to economic growth. They are also a ripe target for cyber attackers, as most of them are connected to the internet than ever before, yet their cyber security capabilities are more limited than businesses elsewhere.
Many MSMEs lack the technology, knowledge, and expertise required to deal with even relatively modest cyber security threats. One threat that stands out above the rest, which is the Ransomware attacks. In the recent days, Ransomware attacks are commonly seen and once infected the companies (esp the MSME) are brought down to its knees. These Ransomware attacks impacts the MSMEs more than larger enterprises, just for the fact that larger enterprise are generally more immune to handle such unforeseen event than the MSMEs.
Who is at risk? The short answer: Everyone with a computer on the internet. Ransomware attackers often target essential and highly sensitive information from a wide range of data-centric businesses and industries including health care, law firms, KPO, BFSI and energy organizations.
Ransomware often infects its victims via the web or email. Web-based attacks tend to use drive-by exploits that target browser, platform or system vulnerabilities, or rely on malicious URLs that may redirect users to sites that host exploit kits. Email-based ransomware is generally used in targeted attacks, and relies on a variety of methods including phishing, spear phishing, malicious attachments, and URLs.
Online virtual currencies such as Bitcoin are the preferred methods of payment because they are not easily traceable. Yet paying the ransom offers no guarantee that the files will be unlocked, leading to loss of both data and money.
Traditional security solutions rely on static analysis and signatures to detect and block known threats. Ransomware attackers can easily bypass those defences. To reduce the chance of a ransomware attack succeeding, organizations need visibility into their internal system security levels and a strong understanding of the attackers’ tools, tactics, and procedures:
- Email security as first line of defence to block ransomware distributed through email attachments and embedded malicious links.
- Network security solutions such as advanced endpoint technology can identify an attack in progress and block further damage.
- Backup strategies should be tested and evaluated regularly to ensure recovery is successful.
- Copies of backups should be stored offsite in case onsite backups are targeted.
Disruptive attacks have become a legitimate issue and businesses must plan and prepare accordingly. The best way is to prevent the ransomware attack is have the right set of controls in place – Security Awareness Training People, Stringent Security Process and Robust Technical Controls.