Since our last chat about cloud benefits, the world has seen some significant security events, most notably the WannaCry ransomware outbreak starting on May 12, 2017. The attack held healthcare organizations in Britain hostage and inhibited admissions and critical surgeries from being performed. Many other organizations, large and small, around the globe were affected as well.
What is ransomware?
Ransomware, in general, is software that spreads virally through vulnerabilities and security holes in systems. Once it infects a host, it looks for critical data and uses encryption to lock that data and render it unusable. The key to unlock the data is held on the cyber-criminal’s server and victims must pay a fee to unlock their data. The fee must usually be paid using Bitcoin, a form of internet digital currency that can be difficult to locate and purchase and can be quite expensive. A message displayed to the user on their computer system informs them of the ransom and includes a dashboard showing how the price of the ransom goes up as time passes towards an ultimatum time limit. If the time limit is reached the key to unlock will be erased. Understandably, this causes stress and urgency to pay as soon as possible.
Who does this and why?
Quite simply, it is a billion dollar business run by cyber-criminals around the world who hold companies and their business data hostage. Hackers residing in countries that do not cooperate with foreign governments and InterPol have a safe haven to treat hacking as a business model.
“Three hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. As of 23 May 2017, at 5:00 UTC, a total of 297 payments totaling $106,180.44 had been transferred.”
WannaCry was fortunately cut short of its full potential by a security researcher who stumbled upon the “kill switch” by accident and stopped the global outbreak. However, we should all expect a new attempt soon and should remain vigilant.
How do I protect my business?
Ransomware spreads using known vulnerabilities and security holes. Unsuspecting users opening emails or attachments that appear to be legitimate, clicking on links and going to fake websites are some of the ways the ransomware gets launched in networks. The ransomware then exploits unpatched or improperly secured systems, encrypting data and spreading to the next host it can find.
WannaCry exploited a security vulnerability that was patched in mid-march by Microsoft. Businesses that properly applied the security patch to all systems were largely unaffected by the outbreak.
Defending your business from these attacks requires a layered security model that includes:
- A properly configured firewall that restricts traffic to only what is necessary for the business
- Up-to-date antivirus software installed on all client and server machines, preferably with centralized management of deployment of signature updates
- Regular patching of all machines with centralized management, deployment and reporting
- Documented security policies setting out best practices for employees
- Education of employees around preventing phishing email attacks, clicking on spoofed external sites, and downloading software to the enterprise environment
- Regular backups of your business-critical data that allow for a minimal time period of loss
- Testing of the restore operations so that the business is certain that the right data is being backed up correctly
How can the cloud help?
Properly setting up the layered security model above takes skill, time and expense both initially and on an ongoing basis. In most cases, both the hard and soft costs can be more than an SMB can afford on its own.
ECi maintains a robust cloud environment deploying some of the best security technology; it already hosts nearly 2,000 customers around the world. It has been in operation for more than five years. Security operations, backups and failover are performed at secure data centers that house many large servers, networking equipment, and storage arrays. The data centers are managed by professional IT personnel with experience in the cloud environment who dedicate themselves to our software. We have relationships with our hardware vendors, security consultants, and software providers (Microsoft, for example) who we can reach out to on a moment’s notice and receive an immediate response, even on holidays and weekends. These things are not only expensive they require scale of operations to be successful.
Through scale of operations, ECi can help you reduce the operational risks to your business at a more affordable cost than for a stand-alone operation. Ignoring the risks to your business operations in light of today’s challenging security environment is a choice. However, we value your business and want to help you proactively avoid a disaster.
Don't miss out!
Stay on top of the latest business acumen by subscribing to the Big Ideas for SMBs blog.