While ransomware has long been an epidemic, the latest figures are chilling: 61 percent of business surveyed last year said they had been hit by ransomware, according to a CyberEdge Group study.
“Security is always an arms race,” said Patrick Traynor, who is an associate professor in computing at the University of Florida and specializes in anti-hacker software.
Construction businesses that have been devastated know too well how it unfolds. You wake up one morning to find a message on your computer screen announcing that your computer has been hacked. If you want your encrypted files back, the message informs you that you will need to pay the hacker for the privilege.
“The findings of CyberEdge’s latest Cyberthreat Defense Report are consistent with what we are seeing in the industry,” said Mike Rothman, president of Securosis. “There are more attacks, more sophisticated malware and more complexity ahead relative to skyrocketing cloud usage.”
This difficulty is compounded by the global security skills shortage and the ongoing inability for most employees to not click on links that will compromise their devices. Perhaps the most sobering revelation was the breadth of organizations surveyed in the study. All told, CyberEdge researchers surveyed 1,100 security decision-makers representing 19 industries in 15 countries. Each respondent employed at least 500 employees.
Moreover, CyberEdge is not the only research firm documenting a major spike in ransomware victims. Information Security Media Group and Trend Micro came out with their own 2016 study, which found 53 percent of United States firms surveyed reported they were hit with ransomware. Nineteen percent of organizations said they are hit with ransomware attacks more than 50 times each month.
“Ransomware became one the highest profile challenges facing cybersecurity professionals in 2016,” said Tom Field, vice president of editorial at Information Security Media Group (ISMG). “Based on our research, we feel that nothing indicates a slowing down of this problem. In fact, we may have only scratched the surface. With organizations reporting that their own employees are their greatest threat exposure, I expect a drastic increase in training, awareness and vigilance across all organizations in 2017.” Not surprisingly, the greatest consequence of ransomware was significant business disruption, according to ISMG. Fifty-nine percent of victims said their businesses had been disrupted by the attacks. And 28 percent said their reputations had been damaged. The two studies were echoed by a third study released by SonicWall, which found that 638 million businesses were hit by ransomware in 2016, up from 3.8 million attacks in 2015.
A key factor behind the spike was the proliferation of “ransomware-as-a-service,” according to Bill Conner, CEO of SonicWall. The term refers to ransomware-to-go software packages, which are easy to buy on the web. They make it simple for criminals with even extremely limited technical knowledge to become hackers.
Also contributing to ransomware’s rise has been the growing reliance on the internet of things, or devices businesses have connected to the internet, such as surveillance cameras, phone systems, security systems, smart terminals and smart vehicles. Turns out, the computer software on all those devices is by-and-large unsecured.
So what is a construction business to do? With a majority of organizations already victimized, it is imperative to marshal your cyber defenses. Below are some best practices recommended by information technology security experts.
- Enlist your employees in the fight—Fully educating your employees about the hacker threat is your first line of defense against ransomware. Indeed, 60 percent of respondents in the ISMB study saw susceptibility of employees as the primary entryway that hackers use to break into business computer systems. Essentially, new employees need to be given a crash course on the common ploys hackers use to infiltrate company systems via the ransomware links that they send in emails or with the seemingly innocent requests they make for IDs and passwords over the phone. Moreover, current employees need to be monitored by firms like Knowbe4.com, which will test your staff with common hacker ruses regularly, and send you a report on which employees are falling for the hacker tricks.
- Create a system image of your computer that features no data—While it is all the rage these days to create continuously updated system images of computers, complete with data, it is better to also create a separate system image featuring no data. If you create a system image featuring no data, before you ever link the computer to the internet, you will know that particular system image is completely free of ransomware, malware and other viruses. Once that computer is connected to the internet and you begin generating data on the machine, there is always a chance ransomware gets downloaded onto it and is simply lying in wait for a time to strike. If that strike happens, you will be able to reformat the PC with the system image you have that features no data, just your operating system and applications.
- Backup, backup and backup—Now, more than ever, IT security experts are strongly recommending construction businesses to create three backups of their data. The idea is to have your data continuously backed up to a data storage unit premises, and then have a second copy of that backup go to the cloud. The third backup, often referred to as “cold” storage, should be made daily to a storage device that is never connected to the internet. In practice, that means disconnecting your computer or network from the internet once a day and backing up all newly generated data from that day onto the cold storage device, disconnecting that updated storage device from your computer system and then reconnecting your computer system.
- Use military-grade wiping software if you have been hit—If you’ve been hit by ransomware or some other virus, you can use military-grade wiping software from firms like WipeDrive Small Business to wipe your hard drive clean of the malware. It’s the same kind of software used by the U.S. Department of Defense to restore infected hard drives, and it gives you advanced options, including network wiping, remote wiping and advanced reporting.
- Consider taking a hammer to your hard drive if you’ve been hit—Given that ransomware is a never-ending battle, hackers are well aware of what tools businesses are using to thwart their software, and they are working diligently to neutralize those protections. So if you have been hit by ransomware and you know it only impacts one computer, it may be easier to simply remove the hard drive and replace it with a brand new hard drive. The move is much safer than trying to remove ransomware from a hard drive, which could take hours for your IT person to accomplish. Even then, your IT person will never know for sure if the ransomware has been completely removed from your computer.
- Look to artificial intelligence for help—Supercomputers, like IBM’s Watson, are being trained to leverage artificial intelligence in the fight against ransomware. “Combining the abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime,” said Denis Kennelly, a vice president of development and technology at IBM.
