Date: 2017-08-09

By Shawn Freeman

By the time you finish reading this, there will already be a new form of ransomware on the market. The cost of downtime across North American businesses was more than $700 billion last year. This May, the WannaCry ransomware attack hit over 200,000 victims (mostly businesses) in 150 countries, according to Europol Director Rob Wainwright. What’s even scarier than the attack is how it spread.

WannaCry exploited a National Security Agency backdoor vulnerability in older Windows operating systems, allowing it to spread without any user interaction by heap spraying code into the Windows shell. It was effective because people (especially businesses) don’t update their machines and still use Windows XP without applying all the necessary patches.

Given the profitability of ransomware over other cyberattacks like the Mirai botnet, you should expect ransomware attacks to become more frequent, not less, as time goes on.

Who’s helping whom?

Not only does WannaCry exploit an NSA backdoor, but it’s believed to be an NSA cyberweapon itself. This is the reason many technology advocates feared government backdoors in the first place, as it leaves a vulnerability in everyone’s software. This ransomware hit hospitals, factories and other large organizations, crippling many important operations before it was (temporarily) stopped.

Users are being forced to pay upward of $600 just to unlock their valuable data. This should serve as a wake-up call to anyone who still doesn’t believe cybersecurity is one of the most important issues facing us today. It’s always better to be proactive, especially when you can’t even tell who’s helping (and who's hurting) anymore.

The real victims — and what they can do about it:

While major corporate hacks like Target, Yahoo and Sony get all the press, it’s small- and medium-sized businesses that are feeling the biggest squeeze. They’re the ones lacking the time and money to properly evaluate network security. But it can’t be ignored.

Security requires a budget and other resources, and by working with a good IT service provider, you’ll have your bases covered with several layers of protection, including backup and disaster recovery. In today’s environment of sophisticated cyberattacks that can shut down operations, automated threat intelligence and tools are needed to stay safe.

At a bare minimum, take fundamental steps to remain safe long enough to afford professional security. A majority of security issues can be resolved with three easy steps:

1. Install security basics. No system is completely secure, but you can put layers in place to be more secure. Treat company data like a business-owned commodity and secure it as such, whether accessed in the office or from remote locations. A hardware firewall, software firewall, antivirus, antimalware and virtual private network are necessary to get started.

At TWT Group, we use Cisco’s Meraki and Umbrella (based on OpenDNS, which Cisco bought), and together, they create a great firewall solution that’s cloud-based and protects against ransomware, among other threats. CUJO is another hardware firewall that’s an emerging solution for home and small-business networking equipment. The security strategy we deploy has a minimum of five layers at all times and several redundancies — such as both cloud-based and physical backups of data — to keep our bases covered. Always layer tools and techniques for protection, backup and disaster recovery to ensure you're fully secure.

2. Keep machines updated. Of course, not even the best security hardware and software in the world can keep data safe if it’s not updated. One single exploit, like the missing Windows 7 security patch that could have protected most of WannaCry's victims, is all it takes for a malicious hacker to take over your system and hold it for ransom. Security and other software providers often patch these holes as soon as possible.

To get your entire company's systems updated, you need to use the right tools. Many managed IT service providers will not only install these for you, but they'll also monitor systems to ensure nothing goes too long without a reboot or getting critical patches applied. Keeping your machines updated yourself — and trusting your staff to do the same — can be asking for trouble. Automate your updates for firewall and antivirus programs to make sure you always have the latest security measures, and audit your systems regularly to identify and shore up vulnerabilities.

3. Plan for disaster. But even with the best-laid plans, disaster will inevitably strike. It’s important to always save your work. There was a time when that just meant clicking a disk icon, but now you’ll need to back up locally and in the cloud repeatedly to ensure there’s always a contingency in place. The last thing you want is to have ransomware or any other virus take you off-guard and infect the entire office.

To prepare, imagine the worst-case scenario and plan for it. For example, what would you do if all your data were locked by ransomware with no hope of retrieval? Create both physical and cloud-based backups so you don't lose that data forever. What if you let an employee go and the ex-team member bitterly wants to destroy everything you’ve built? For security, you should have a strict process in place to immediately terminate departing employees' user access and wipe or lock any devices that contain company data.

Remember when I said there would be another ransomware attack by the time you finished reading this? Here it is. I don’t mean to sound like one of those doomsday prophets, but it’s true: Vigilance is the only defense against cyberattacks. Make sure your company is prepared to recognize and handle these things to keep the entire network safe. The fate of your business could very well depend on it.

