Ransomware is a growing problem for organizations. The rate of increase in incidents is skyrocketing in governmental agencies and small to medium businesses. The Cybersecurity and Infrastructure Security Agency (CISA) estimates that a ransomware incident occurs every 14 seconds. While the average cost of ransoms is increasing, the real cost to an organization is downtime and loss of reputation.
What is Ransomware
Ransomware is malicious code that denies access to data stored on a computer or system. Access to data is denied until a ransom is paid in cryptocurrency. There is no guarantee that data will be restored once ransom demands are met. Because ransomware is typically spread through phishing emails or visits to infected sites, it is difficult to mitigate through IT solutions alone. Effective preventive measures require organizational awareness and regular training of all personnel.
Recent Incidents of Ransomware in the News
- The Washington Times reported that The George W. Bush Presidential Center was hacked on August 1, 2020. Blackbaud, a third-party data management service, paid a ransom to retrieve unencrypted donor data.
- The city of Lafayette, Colorado was hacked on August 5, 2020. As a result, city emails, phones, and online payment portals were disabled until a $45,000 ransom was paid.
- Canon confirmed that it was hit with a ransom for its photo and video storage service on August 6, 2020. This resulted in the site being down for over six days.
Precautions and Mitigations
CISA recommends that users keep software and operating systems up to date. It advises that data backups be performed on a regular basis. It also advises users not to click on attachments in unsolicited emails and to practice safe internet browsing habits. These are excellent recommendations, but they are difficult for an organization to implement effectively.
Effective protection of data requires the implementation of an Information Security Management System (ISMS). ISMS frameworks such as ISO 27001 and NIST 800-171 incorporate risk assessment and incident management plans and procedures. They also include asset management and scheduled training for all personnel.
CVG Strategy is aware that ransomware is a growing problem and is committed to helping organizations protect themselves and their data. Our consultants can tailor an ISMS that meets your organization's requirements. Contact Us today to see how we can help.