2016 saw a surge in ransomware attacks. There were four times as many total attacks as in 2015. In 2017, the problem will get worse with experts estimating there will be a 25% increase in new ransomware families, providing more opportunities for hackers.
Last year, nearly half of all ransomware attacks targeted the healthcare industry. Yet other sectors are also seeing more attacks including higher education and financial services.
- Your organization provides services that are vital for public health and safety.
It’s not a coincidence that hospitals and other healthcare organizations have historically been a prime target for ransomware attacks. More recently, other institutions that provide vital services—including fire departments, police departments and public transit providers—have also been targeted.
These organizations are enticing to hackers precisely because they can’t suspend operations for long periods of time without affecting massive amounts of people, perhaps even endangering lives. In that sense, a hospital is a more likely prospect for a big payout than a retailer. To compound the problem, many of these organizations rely on older software and infrastructure, which makes them easier to hack.
- Your employees have received little if any training about good cybersecurity habits.
Hackers rely on employees’ ignorance and carelessness to carry out a ransomware attack. If your employees haven’t received comprehensive training and regular reminders about best practices, they may be vulnerable to a phishing scheme or social engineering ploy designed to solicit sensitive information.
Some organizations have been targeted for ransomware attacks precisely because they traditionally do not provide cybersecurity training to employees. Last year, several churches were attacked.
In today’s world, it’s not sufficient to give new employees a single cybersecurity training session. To ensure that employees are truly exercising diligence, you need to test them regularly and let them know the results.
- You haven’t clearly defined user roles and levels of access to your most valuable data.
Since the human element is oftentimes the weakest link in cybersecurity, it is critical to clearly define user roles. If an employee does not require access to particular data in order to carry out job functions, they shouldn’t receive it. Hackers are aware of which organizations offer generous data access to all employees, and target their attacks accordingly.
Ransomware Prevention Steps
If one or more of these signs apply to your organization, you don’t have to be a sitting duck. There are steps you can take to protect yourself.
Istonish works with organizations to deliver comprehensive protection from ransomware and other advanced threats. Through our partnership with Fortinet, we offer the advantages of an Advanced Threat Protection (ATP) framework that seamlessly integrates threat prevention, detection and mitigation — and even provides protection from previously unknown threats. Contact us to learn more.