– By Lila Kee, GlobalSign –
Ransomware continues to be a massive concern for organizations worldwide. In 2020, ransomware exploded, and the payout to cyber criminals grew by almost 171% compared to 2019 according to Palo Alto Networks. More specifically, their cybersecurity researchers found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.
One way a ransomware attack can occur is through successful phishing email – and that can happen when an organization’s email is not secure enough. Which is why companies must harden their email to avoid what can be devastating consequences of an attack.
Once the pandemic began in the winter of 2020, phishing attacks increased by more than 600%. Spear phishing – a type of phishing that is specifically focused on a particular person or organization – has also been on the rise in the last year. For example, in March of 2020, cyber criminals managed to trick thousands of users to share their login credentials by impersonating Google file-sharing and storage websites.
With ransomware being a popular and quite frankly, profitable for cyber criminals, companies need to implement various tools and strategies to reduce the chances of being attacked. These can include:
Train employees to spot phishing emails. Teaching your employees how to recognize signs of phishing is critical. Running through scenarios such as incorrect email addresses, suspicious URLs and attachments, improper spelling and grammar, along with simulation training, is necessary and should be a line-item budget for every business.
Implement S/MIME (available in most popular email clients). Secure/Multipurpose Internet Mail Extensions (S/MIME) is based on asymmetric cryptography that uses a pair of mathematically related keys to operate – a public key and a private key, protecting your emails from unwanted access. Every time you create and sign an email, your private key applies your unique digital signature into your message. When your recipient opens your email, your public key is used to verify the signature. This ensures your recipient knows the emails came from you.
Invest in a Virtual Private Network (VPN) router. A VPN router encrypts your IP address to hide your internet activity and data, a significant obstacle for a bad actor to overcome.
Unfortunately, ransomware attacks are now a reality. But by putting these tips into use, along with other necessary technologies, you and your organization have a better chance at successfully beating hackers at their own game.
