Cyberattacks are never going away; in fact, things appear to be getting worse. The complexity of attacks has escalated, resulting in more sophisticated, targeted takedowns. Just look at the attacks in Baltimore, Atlanta, Florida, and Spain within the past few years. Organizations around the world have had their operations halted by ransomware, with some taking weeks to get back to normal. It’s important to remember that hackers aren’t just targeting SMBs or enterprises—many government organizations have suffered from serious cyberattacks.
What is 2020 looking like in terms of ransomware attacks? Not great. According to Cybersecurity Ventures, global ransomware damage costs will reach an estimated $20 billion by 2021, and a new organization will fall victim to ransomware every 11 seconds by 2021. All this data predicts that ransomware threats are actually going to increase as we move into 2020.
Remember the lessons, do your homework, and deliver results
Back in 2017, WannaCry and Petya taught organizations why it is critical to keep systems up to date. More recent attacks on US and Spanish organizations show that system and application updates are still not being taken seriously. Earlier this year, RobbinHood ransomware infected the city of Baltimore’s servers, wreaking havoc for more than a month. A similar attack targeted Atlanta in early 2018. This year, we’ve seen two cities in Florida decide to pay ransoms to retrieve their encrypted data.
While the world continues to debate the ethics of the ransom paid in Florida, multiple Spanish organizations have fallen victim to BitPaymer ransomware; this malware infected Everis, a well-known IT consultancy in Spain, and Spain’s national radio station, SER, on November 4, 2019. Around the same time, an Indian nuclear power plant in Kudankulam confirmed that it had also fallen victim to a cyberattack allegedly executed by three different groups of hackers from North Korea.
These headlines are just another reminder for businesses to ensure they have appropriate proactive cyberstrategies in place to avoid becoming a victim of a cyberattack. These recent attacks are another warning for IT departments to do their homework and deliver results by securing their organization against malicious actors.
Suiting up for 2020
Businesses need to redefine their cybersecurity strategies before it’s too late. Here are a few cybersecurity best practices IT departments can follow to avoid falling victim to cyberthreats:
1. Implement robust firewall configurations that can alert network administrators about any malicious behavior.
2. Leverage continuous network monitoring and reporting to detect all traffic, including anonymous traffic moving through the network.
3. Keep operating systems, applications, firmware, and drivers up to date.
4. Migrate machines from Windows 7 to Windows 10, as security updates and technical support for Windows 7 end on January 14, 2020.
5. Manage roaming devices using proper mobile security management policies.
6. Define and implement a proper cyberattack mitigation plan.
7. Deploy advanced threat detection systems, along with security information and event management (SIEM) strategies.
8. Consider browsers as critical endpoints, and secure the extensions and plug-ins within them.
9. Revisit data leak policies and elevated user privileges before hackers tap into business-critical documents.
10. Periodically evaluate any adoption of AI, machine learning, and automation for cybersecurity needs to keep vulnerabilities patched.
Businesses need to ensure they have the right cyberstrategies, skills, and awareness to keep their organization better protected from cyberattacks. Achieving one hundred percent security is a myth and will continue to be a myth, but with all the above-mentioned cybersecurity best practices, businesses can at least become less of a target.