Cybercrime, and particularly ransomware attacks, have long been issues facing businesses and their IT departments, but since the beginning of the COVID pandemic, ransomware attacks have risen by over 400%. It would seem that widespread, biological viruses go hand in hand with technological ones as well.
As the pandemic drove us to our homes and caused a huge surge in remote work, it also was the catalyst for additional cyber security vulnerabilities. IT departments are no longer able to manage every security threat in house, or under the umbrella of company security measures. The use of personal devices and personal or public networks, coupled with the fact that most employees don’t know what security measures they have in place, has left gaping holes in business’ ability to perceive threats and prevent attacks.
Not only is business’ security lacking, but ransomware continues to be easy, lucrative, and effective for cyber criminals. It takes minimal effort for them to pull off these attacks, and that payout is usually in the millions. These attacks are so appealing that lower level criminals will often use malware provided by cyber “gangs”, who then receive 20-30% of the ransom money in return.
Ransomware attacks operate via three different, yet simple steps. First, it locks users out of files or out of the entire computer with encryptions. Secondly, cyber criminals deliver the demand for payment in order to hand over decryption keys. Thirdly, ransom is paid through cryptocurrencies, such as Bitcoin, and the business is left to pick up the pieces and recover from the massive blow the best that they can. Sometimes, there’s just not enough left to make recovery possible.
Unfortunately for SMBs, these threats are even more serious as a single ransomware attack can literally cause their business to fail. Ransomware attacks are expected to reach a cost of 2 million dollars per victimized business in 2021, and the total cost of ransomware attacks is expected to reach over 20 billion dollars this year as well. The projection is that 75% of businesses will have experienced an attack by 2026.
Although most businesses do have security measures in place, it’s not nearly enough. Most SMBs are short-staffed when it comes to security professionals. They don’t have cyber security plans and policies in place, and they haven’t, or aren’t able to budget the amount of money necessary to be fully secured, including having on-site cyber security staff.
Cyber security technologies are valuable and can prevent many attacks, however with the current surge we’re seeing, these technologies are simply flooded and they can’t be as effective as they need to be against the “human element” of it all. Behind every cyber crime is a person; a person who knows how security technologies operate, and how to get around them. Human intuition simply cannot be replicated, and it takes the same on the end of cyber security in order to effectively protect against these attacks.
With the sophistication of cyber attacks increasing all the time, businesses need people on their side to wade through it all. The average person receives 63.5 notifications every single day, with security analysts receiving even more. A trained cyber security analyst will know how to identify malicious code and warning signs. They will be able to understand context, relevance, and attack motivation, and they can recognize actual threats from those that are not.
As long as there are people behind cyber attacks, there will need to be people behind cyber security.