Ransomware is used by hackers as a form of cyberwarfare, for personal financial gain, or for activism. This was recently portrayed in the season premiere of Mr. Robot, in which a hugely powerful company was publicly humiliated by such an attack.
It’s a potential scenario that keeps enterprise tech executives up at night – I’m sure more than a few CTOs and CISOs had a hard time sleeping after watching this episode, even though it is fictional. However, middle-market tech executives tend to be less worried.
It’s not that they don’t think about it; they just think a hacker is less likely to target a smaller organization with less revenue and fewer valuable assets. This is exactly why they are more vulnerable.
While middle-market ransomware attacks do not usually make the news, they do happen. Some middle-market organizations are even more enticing targets than large enterprises. For example, a mid-sized legal firm that heavily relies on files for its revenue might have limited resources and less effective security and backup systems in place.
This is an easy payday for a hacker – the target is easy to penetrate, the tech team will be overloaded, and the firm can’t afford not to pay because the alternative would result in losing all of its business.
Mid-market companies can’t rely on hiding in the crowd and being anonymous. Ransomware is a generic, massively scalable attack that acts the same in any organization. It uses malicious email messages or compromised websites to generically infect as many users as possible, and then it runs generic crime logic to encrypt data. The result is devastating to a company of any size.
To fight an enterprise problem, you need enterprise security capabilities. Advanced security technologies are becoming more affordable and accessible for mid-size companies. When evaluating your options, consider that there are multiple ways to stop ransomware. To help prevent attacks, you’ll want a tool that can:
- Detect malicious email attachments before they are opened
- Alert users about malicious websites before they are able to navigate to them
- Identify malicious files before they are downloaded
Once an attack takes place, your last line of defense is to block the ransomware from connecting to its C2 (Command and Control) server, a connection it uses to generate the encryption key and deliver the public key to the targeted machine. If you have technology in place to detect the outbound key request and stop it, you can prevent the encryption from taking place.
Ransomware is only going to get more advanced and persistent as hackers become increasingly sophisticated. It also doesn’t help that ransomware is gaining popularity as a go-to storyline in Hollywood, which only makes it more glamorous in the eyes of a hacker. Mid-size companies are not immune to the threat.
Don’t be an easy target because you think it can’t happen to you or that you can’t afford the necessary defenses. Arm your organization with protection that gives you enterprise-grade security capabilities if an attack takes place at your mid-size organization.
Ofir Agasi is Director of Product Marketing at Cato Networks with over 12 years of network security expertise in systems engineering, product management, and research and development. Prior to Cato Networks, Ofir was a product manager at Check Point Software Technologies, where he led mobile security, cloud security, remote access and data protection product lines. Ofir holds a B.Sc. degree in Communication Systems Engineering.