Planning & best practices for network security in the workplace
Ransomware, a form of malware, is one of the most profitable criminal business models in the history of malicious computer software. 2017 saw over 40,000 attacks per day, with ransomware hiding in over 40 percent of all email spam. In May of 2017, “WannaCry” ransomware hit 150 countries by accessing employees’ computers. In just one day, it infected more than 230,000 computers with an estimated loss of $4 billion. New strains of ransomware are hitting the cyber world on a continual basis, and Gartner predicts that by 2020, 60 percent of security budgets will be reserved for detection and response capabilities.
What is Ransomware?
Ransomware is malicious software that locks or encrypts computer files, according to the security awareness training company KnowBe4. With the files “stolen away,” the organization must pay ransom in electronic currency to get those files back or to have the device unlocked. These ransoms can range from $500 up to millions of dollars, sometimes with a looming one-week deadline after which the price starts to rise. Once the fee is paid, the cybercriminal provides a key to unlock or decrypt the stolen computer files. Ransomware can even get past an employee’s personal workstation, work its way across a company’s entire network and encrypt all the files in its path. Unfortunately, cybersecurity threats will see a substantial rise into 2018, according to Gartner. Organizations need to stand alert and be prepared for these potential threats. Here are a few strategies businesses can take to increase network security.
Getting Employees to Know the Threat
Understanding potential ransomware threats and educating employees is a first step in fighting back against cybercriminals. Ransomware could infect employees’ computer files in a variety of ways, including:
Phishing
91 percent of cyberattacks start with a phishing email, according to a report by PhishMe. The emails are designed to trick employees into clicking an infected link or opening an infected attachment. The email will usually look like it’s from an organization that the employee would recognize and assume was real.
Texting or SMS Phishing
This is a similar attempt to trick people by appearing as a familiar or safe entity, but through texting. These texts try to get employees to click on a link or enter personal information. Android- and iOS-based phones and tablets are often targeted with this method.
Voice Phishing
These are actual automated voicemails that trick people into calling a number or entering information through their smartphone, like a credit card number. The numbers coming in also could be electronically forged so they appear like they’re coming from a real source. Attackers will often pick an area code or phone number that seems familiar, for example from the person’s hometown or current town. When the person calls the number back, they may be given information on how they need to fix a problem with their phone. The caller then follows the directions to fix the problem; however, they are actually installing ransomware on their own device.
Social Media
Social media is used in many organizations today, from LinkedIn to Facebook to Twitter. Ransomware is creeping into social media by enticing people to click on a link or a thumbnail of an image. People naturally tend to open image files, but once the link or thumbnail has been clicked, a file automatically downloads and the device is infected.
Ads & Images on Websites
Sometimes malicious software can be placed right into online ads or images on websites; it can even be an ad for an actual product.
Multifactor Authentication
With the increasing value of usernames and passwords on the black market, multifactor authentication is an underrated end-user security strategy. By requiring users to present two pieces of identification — ranging from tokens to security codes — at each login, multifactor authentication provides an added layer of safety.
As more and more enterprises move toward digital transformation, an inevitable process for successful business models, network security is becoming a top priority. From network architecture to end-user caution, it takes a variety of diligent efforts to keep an enterprise network secure.
Learn More in a Live Webinar
To learn more about best practices for network security, register for the upcoming webinar on March 21, 2018, at 9 a.m. PT.