February 21, 2017

Ransomware, Backups and the Aging IT Specialist

By Daniel Matthews

Small Business Security Right now, two technology trends characterize the small business ecosystem: a growing migration to the cloud, and a growing susceptibility to cybercrime, particularly in the form of ransomware. Recently, I discovered this duality firsthand. Stranded at the local ski resort, I got a ride down from a fellow snowboarder named Dan. Dan […]

Small Business Security

Right now, two technology trends characterize the small business ecosystem: a growing migration to the cloud, and a growing susceptibility to cybercrime, particularly in the form of ransomware.

Recently, I discovered this duality firsthand. Stranded at the local ski resort, I got a ride down from a fellow snowboarder named Dan. Dan is a salesman for a small business selling signage. According to Dan, his company’s data was hijacked by hackers and held for ransom. The ransomware was embedded in an email opened by one employee. The small business owner has a longstanding relationship with an aging IT specialist, who hadn’t backed up any of the company’s information on the cloud. It was all sitting on hard drives, and suddenly, they weren’t able to access any of it. They paid the ransom to get the data back because, really, what else could they do?

In 2015, about 50% of cyberattacks worldwide hit small businesses. Small businesses can be unsuspecting, and invest less in cybersecurity than large corporations. Hackers can attack more than one small business at a time, and increasingly, they’re doing this with ransomware. For hackers, ransomware is simple and lucrative. There’s no need to ferret out financial data and resell it, or interact with banks. All it takes is one employee to open a file containing Malware. Then, thieves can potentially get a payout directly from the business whose livelihood is at stake.

This comes at a time when small businesses are increasingly seeking ways to be more competitive with cutthroat giants like Amazon and Walmart. Out of Quickbooks’ ways to increase small business profits, the top two are:

  • Go paperless
  • Switch to electronic forms and filing

As small businesses heed this advice, hackers lineup to block their access to files. In an interview with NBC, the executive security director of IBM Security Limor Kessem says, “It’s like some sort of gold rush. Cybercriminals are using ransomware to bring extortion to the masses and more criminals are now doing it because they’re interested in getting a piece of the action.” Ransomware payments reached an estimated $1 billion in 2016, up from $24 million in 2015. At the same time, small businesses were hit with eight times more attacks in 2016 than in 2015. According to a study from IBM, only 30% of small businesses offer cybersecurity training to their employees, which makes them more vulnerable.

When I talked to Dan, the salesman whose company eventually paid a data ransom, he felt that if his company’s data had been backed up to the cloud, they could have avoided paying the ransom. “The cloud is where a lot of businesses our size are going anyhow,” he said. Turns out he’s dead on the money.

Small business, the cloud, and security

About 78% of small businesses will adapt their operations to cloud by the year 2020, up from the nearly 40% that are already there. One primary reason for this is the convenience of SaaS; another is “Hives”, groups of individuals who collaborate virtually from remote locations, some freelance, others part of the core unit. The desire to compete head-to-head with big business is also driving this trend.

But is the cloud safe from ransomware? Depends. Brian Krebs details the story of an acting agency for children that fell prey to a cloud ransomware scheme. The firm had all their applications and data hosted on a private managed cloud solution. Here again, ransomware struck through email. An employee opened an attachment that looked like an invoice, and the company was no longer able to access more than 4,000 files. Fortunately, the cloud provider was also providing backup. The firm was able to get their files back, but it took nearly a week. The attack also affected other clients on the same server.

If cloud files aren’t backed up, they’re vulnerable. Cloud hosting and storage alone won’t do the trick. Eastern Kentucky University identifies attacks on cloud services as one of the looming threats in cybersecurity. EKU identifies seven components of cybersecurity which can be seen in the featured image.

Anti-malware specifically targets infections, such as ransomware. Anti-malware applications run files in an emulator, testing them for threats with a behavioral assessment in the application, and in the cloud. There are security applications for mobile phones, too–highly recommended if employees conduct any sort of business on their phones. Note that cybersecurity training is also critical. If small businesses are going to invest more of their resources in the cloud, security training will be a prerogative. In order for small businesses to compete with big businesses, they will need to compete in the training arena as well.

By Daniel Matthews

Daniel Matthews

Daniel Matthews is a freelance writer from Boise, ID. Daniel received his Bachelor's in English from Boise State University in 2006, and is currently working on a book about the 2008 financial crisis. Widely-published online, he specializes in research and analysis that sheds light on the intersection of tech, business, and current affairs. Daniel is an avid writer and technology enthusiast whose mission is to bring journalistic integrity and informed opinions to his audience in ways that make them think differently about the world. You can find him on Twitter and LinkedIn.
Katrina Thompson

Why Zombie APIs are Such an Important Vulnerability

Zombie APIs APIs have a lifecycle, the same as anything else. They are born, they [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more
Metasploit-Penetration-Testing-Software-Pen-Testing-Security

Leading Cloud Vulnerability Scanners

Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn’t help with [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more

SPONSORS

Interviews and Thought Leadership

Jeremy Smillie

Securing the Future: Insights from DevSecOps Expert, Jeremy Smillie

Welcome to another insightful discussion on CloudTweaks. Today, we have the privilege of delving into the dynamic intersection of DevOps, Security, and Tokenization with a seasoned expert in the field, [...]
Read more
Srini Kalapala

Driving Growth: Srini Kalapala Discusses Verizon’s Network APIs

Welcome to our interview with Srini Kalapala, Senior VP of Technology and Product Development at Verizon. Today, we explore how Verizon’s network APIs are reshaping global developer landscapes and enhancing [...]
Read more

Top Cloud Cost Optimization Strategies for Multi-Cloud Environments

The age-old saying “Don’t put all your eggs in one basket” has found a new resonance in today’s cloud landscape. [...]
Read more

Embracing Governance to Navigate 2024’s Tech Trends

Mastering Governance Strategies for Success The start of a new year is a fitting time for goal-setting, and IT managers [...]
Read more

Karen Buffo, CMO of MixMode, on the Rise of AI in Safeguarding Digital Assets

Welcome to our Q&A session with Karen Buffo, CMO of MixMode, hosted by CloudTweaks. Today, we’ll explore the profound impact [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.