Ransomware like WannaCry’s been big in the news lately – and I’m certain most of us are pretty worried about it. Here’s the key to ensuring that we won’t need to be.
Ransomware is on the rise. 2017 saw WannaCry, the largest, most damaging, and most publicized ransomware attack in history. Not only that, ransomware attacks targeting businesses tripled this year, reaching a high of one attack every forty seconds by Q3 2017.
That trend isn’t likely to change anytime soon. We’re going to see more ransomware attacks, and the vectors through which they strike their victims more cunning and complex. It’s an intimidating thought – not in the least because of how much damage ransomware can cause if it manages to infect an organisation’s systems for even a short time.
Consider what happened to global shipping giant Maersk. In June, the company was hit by NotPetya, another global ransomware attack similar to WannaCry in scope. Although its systems were only offline for a few days – and although it didn’t lose any data to the attack – it ended up disrupting the company’s operations for weeks, and costing it nearly $200 million.
Suffice it to say, you need to do everything in your power to protect your business.
You probably already know a bit of what’s necessary. You know you need to maintain air-gapped backups and network monitoring tools. You know you need to educate your staff on how to recognize phishing emails. You know that you should use botnet detection tools and run regular malware scans.
And finally, you know at least on paper, that regular updates are important.
But do you know how important they are? As it turns out, they’re actually your best defense against attack methods like WannaCry. Consider: in Fortinet’s 2017 Global Threat Landscape Report, it was revealed that 90% of organizations globally were victims of security flaws that were three or more years old.
That same report found that 60% of organizations around the world recorded flaws that were over ten years old and remained unpatched.
WannaCry itself exploited just such a vulnerability. The fact that it was so devastating speaks to how widespread legacy architecture is throughout enterprise. And it also speaks to why that should change – and fast.
“Regularly scheduled patching, replacing older and outdated technology, and appropriately segmenting risky application and device traffic such as IoT and P2P will go a long way towards reducing the potential attack surface and minimizing risk,” explained Fortinet. “the rise in the sheer volume of data entering networks, combined with the increasing percentage of that data now being encrypted, means that many traditional security solutions and access points are simply not up to the task.”
In other words, update your architecture, make sure your software is up to date, and consider revisiting your security solutions. Ransomware is rapidly becoming more advanced. It’s not going to stop and wait while you catch up.
You need to be proactive and get ahead of the game. Because if you don’t, you will eventually get burned.
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.