(Updated from September 29, 2021)
Whether you run a small or large business, a ransomware attack can be devastating. That is why it is important to do all you can to secure your business before an attack happens. There are, however, three common myths that can give you a false sense of cyber security. Listed below are these three myths and how you should address them to become more cyber secure.
- Paying the ransom will be the quickest way to get your data back
This is one of the biggest and most frightening myths out there. Many businesses do not take the precautions they should because they think they can simply pay for a decryption key and get their data back. However, paying cannot guarantee that the decryption key will work, or that the attacker will hand it over at all. Sophos’ “State of Ransomware 2021” survey reported that only 8% of organizations that paid the ransom got all of their data back. Sophos’ “State of Ransomware 2022” survey found that 11% of organizations paid ransoms of $1 million or more, with the average payment being $812,360. That is a lot of money to pay out to “maybe” get your data back. Paying also does nothing to close the hole the attackers came in through, and it can carry legal risk where the recipient turns out to be a sanctioned group. If you think paying the ransom is the most efficient option, you need to rethink your cyber security strategy.
- Backing up your data will make you immune to ransomware attacks
This myth has some truth to it; however, you need to understand that not all backup plans are the same, and not all ransomware is delivered in the same way. Cybercriminals have evolved their methods of delivering ransomware. They know you will be less likely to pay if you can restore from your backups, so they now also target backups stored on your network and in the cloud. Once they encrypt or delete your backups, you will not be able to restore your data. The better backup strategy is the one known as 3-2-1: keep 3 copies of your data (the production data and 2 backups), on 2 different types of storage media, with 1 copy stored offsite. For ransomware, that offsite copy should also be offline or immutable, so that an attacker who has taken over your network cannot reach it. Following this strategy, and regularly testing that you can actually restore from each copy, gives you a clean backup to recover from.
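An added example of the two checks a practitioner would want around the 3-2-1 strategy described above (this is illustration code, not the original post's): it records a SHA-256 manifest of the production data at backup time, verifies each backup copy against that manifest, and checks the 3-2-1 rule (three copies, two media types, one copy both offsite and offline). The directories, media labels and the "ransomware reaches the network backup" step are constructed for the demo; in practice the manifest must be stored with the offline copy, not on the production network.

```python
"""3-2-1 backup policy and integrity check (constructed example)."""
import hashlib
import pathlib
import tempfile
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    root: pathlib.Path
    medium: str      # storage type label, e.g. "nas", "tape", "object-storage"
    offsite: bool
    offline: bool    # unreachable from the production network once written


def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    root = pathlib.Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_copy(copy, manifest):
    """Return the files that are missing or altered in this copy vs. the manifest.

    A backup that ransomware has encrypted or renamed shows up here, because
    its hashes no longer match the manifest taken when the backup was made.
    """
    actual = build_manifest(copy.root)
    return sorted(f for f, digest in manifest.items() if actual.get(f) != digest)


def check_321(production_medium, copies):
    """Return a list of 3-2-1 policy violations for the given backup copies."""
    problems = []
    if len(copies) < 2:
        problems.append("need at least two backup copies besides production")
    media = {production_medium} | {c.medium for c in copies}
    if len(media) < 2:
        problems.append("all copies live on a single medium type")
    if not any(c.offsite and c.offline for c in copies):
        problems.append("no copy is both offsite and offline/immutable")
    return problems


def demo():
    """Build a production tree, two backups, then simulate a hit on the network backup."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = pathlib.Path(tmp)
        prod, nas, tape = tmp / "prod", tmp / "nas", tmp / "tape"
        files = {"ledger.csv": b"2022-01-01,1000\n", "contracts/acme.txt": b"signed"}
        for d in (prod, nas, tape):
            for name, data in files.items():          # identical copies everywhere
                (d / name).parent.mkdir(parents=True, exist_ok=True)
                (d / name).write_bytes(data)
        copies = [
            BackupCopy("nas", nas, "nas", offsite=False, offline=False),
            BackupCopy("tape", tape, "tape", offsite=True, offline=True),
        ]
        manifest = build_manifest(prod)               # taken at backup time, kept offline

        # Constructed incident: the attacker reaches the network-attached backup
        # and overwrites a file with ciphertext. The offline tape is untouched.
        (nas / "ledger.csv").write_bytes(b"\x8f\x1a\x00\x42encrypted")

        return {
            "policy": check_321("local-disk", copies),
            "integrity": {c.name: verify_copy(c, manifest) for c in copies},
        }


if __name__ == "__main__":
    print(demo())
```

The integrity result shows why the offline copy matters: the network backup reports `ledger.csv` as altered, while the tape copy verifies clean and is the one to restore from.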
Having backups, however, will not make you immune to cyber attacks. Those ever-evolving cybercriminals have learned the double extortion technique. With double extortion, cybercriminals not only encrypt your files but also steal copies of your data and threaten to publish it if your organization doesn’t pay the ransom. Now, instead of paying to get your data back, you are being asked to pay to keep it from being exposed and causing further harm, and no backup can help with that. Backups are only one link in the cyber security chain you need to have in place.
- When the ransomware attack is over, it is over
Sadly, this one couldn’t be further from the truth. When it comes to weather, we say that lightning doesn’t strike twice, but when it comes to cyber attacks, cybercriminals love to target the same organizations repeatedly. They know they can get in, and if you don’t fix the weakness they used, they will come in again the same way. If you have already paid once, they assume there is a good chance you will pay again.
Another problem is that cybercriminals often lurk undetected on your network before they make the ransomware demand. They can spend months inside your network learning where the most valuable data is kept and how to access it, and they can install “back doors” (additional accounts, remote-access tools, scheduled tasks) so that they can launch another attack long after you think the threat has been eliminated. The UK’s National Cyber Security Centre published a blog post about one company that was attacked twice within two weeks. After the company restored its network using the purchased decryption key, it did nothing to identify the root cause of the attack or to make sure the network was secured, so it was hit by ransomware again by the same cybercriminals. Cybercriminals know that if you are willing to pay once, you will pay again and again. It is crucial to conduct a thorough investigation after a ransomware attack, before you restore your data, so that you are not attacked again: find out how the attackers got in, reset all credentials (including service accounts), rebuild compromised machines from known-good images rather than trusting a cleanup, and fix the vulnerabilities that were exploited.
So, what can your organization do to adequately protect itself against ransomware? While offsite backups are a good place to start, they alone are not enough. You also need to consider:
- Cyber awareness education, to teach employees how to avoid unknowingly downloading ransomware onto their computers
- An endpoint protection strategy, to block malware, including ransomware, from getting into your network in the first place
- An intrusion detection system that alerts you to anomalies, so that an attack in progress can be stopped before it finishes
- Vulnerability and remediation management, to ensure your systems are patched promptly
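As an added example of the kind of anomaly an intrusion detection system can alert on (this is illustration code, not from the original post or any particular product), the detector below reads file-server audit lines and raises an alert when one user renames or writes an unusually large number of files with unfamiliar extensions within a short window, the signature of encryption in progress, or drops a file that looks like a ransom note. The log format (`<ISO timestamp> <user> <op> <path>`, where the path on a RENAME line is the new name), the thresholds, and the sample log are all constructed assumptions.

```python
"""Sliding-window detector for ransomware-like file activity (constructed example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)      # assumed: look-back window per user
THRESHOLD = 20                      # assumed: suspicious operations that trigger an alert
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "txt", "jpg", "png", "csv", "html"}
RANSOM_NOTE_HINTS = ("decrypt", "restore", "recover")


def parse_line(line):
    """Split '<ISO timestamp> <user> <op> <path>' into typed fields."""
    ts, user, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, op, path


def extension(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_suspicious(op, path):
    """A write/rename to an unfamiliar extension, or a ransom-note-like file name."""
    if op not in ("RENAME", "WRITE"):
        return False
    name = path.rsplit("/", 1)[-1].lower()
    ext = extension(path)
    if ext not in KNOWN_EXTENSIONS:        # e.g. report.docx -> report.docx.locked
        return True
    return ext in ("txt", "html") and any(h in name for h in RANSOM_NOTE_HINTS)


def detect(lines):
    """Return (user, time, count) alerts; one alert per user per run."""
    windows = defaultdict(deque)           # per-user timestamps of suspicious ops
    alerts, alerted = [], set()
    for line in lines:
        ts, user, op, path = parse_line(line)
        if not is_suspicious(op, path):
            continue
        q = windows[user]
        q.append(ts)
        while q and ts - q[0] > WINDOW:    # drop events older than the window
            q.popleft()
        if len(q) >= THRESHOLD and user not in alerted:
            alerted.add(user)
            alerts.append((user, ts.isoformat(), len(q)))
    return alerts


def build_sample_log():
    """Constructed audit log: normal saves by alice, mass encryption by bob."""
    base = datetime(2022, 3, 1, 9, 0, 0)
    lines = [f"{(base + timedelta(seconds=10 * i)).isoformat()} alice WRITE /share/finance/q1-{i}.xlsx"
             for i in range(5)]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} bob RENAME /share/hr/file{i}.docx.locked"
              for i in range(25)]
    lines.append(f"{(base + timedelta(seconds=26)).isoformat()} bob WRITE /share/hr/HOW_TO_DECRYPT.txt")
    return sorted(lines)                   # audit logs arrive in time order


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print("ALERT: user %s hit %d suspicious file operations by %s" % (alert[0], alert[2], alert[1]))
```

Alice's ordinary spreadsheet saves never count; bob trips the alert on his 20th rename within the window, well before the 25 files (and the ransom note) are done, which is the point of alerting on the rate rather than on a single event.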