Fighting ransomware Sourcing out network security tasks is the way to go for SMEs

01 Sep 2021

Just when you think ransomware gangs only target big corporations, you may be surprised by some figures released last year: in 2019 nearly half of SMEs fell victim to ransomware attacks, and they suffered a loss of US$400,000 on average! For SMEs, one ransomware attack is one too many.

Ransomware is the number one enemy of companies around the world. In the US, fuel supplier Colonial Pipeline, global food company JBS and IT management service provider Kaseya were respectively hacked by ransomware between May and July 2021 and were forced to pay up up to tens of billions of US dollars in ransom. Just when you think ransomware gangs only target big corporations, you may be surprised by some figures released last year: in 2019 nearly half of SMEs fell victim to ransomware attacks, and they suffered a loss of US$400,000 on average! For SMEs, one ransomware attack is one too many.

Table of Content

Rampant ransomware’s ever-increasing threatening tactics
Ransomware attack tactics
SMEs’ susceptibility to network security
Outsourcing - way to go

Rampant ransomware’s ever-increasing threatening tactics

According to a cybersecurity research report released by CrowdStrike in 2020, 81 percent of cyberattacks involved the deployment of ransomware, making ransomware the most popular means of hacking for cyber gangs. In recent years, ransomware attacks have been evolving. Whereas attackers in the past simply encrypted the computer and stored data of an attacked enterprise, today they use a double extortion approach, which involves threatening to publish stolen confidential data, such as financial statements, contracts, and the private information of their victims’ business partners or customers. REvil ransomware even goes so far as to reach out to the media or their victims’ business partners to force their victims to pay ransoms. Even if a company has backup copies of their data, they are not able to dodge troubles by restoring the backup. Business owners should take the ransomware issue seriously. Warding off intruders at source is the best policy.

81 percent of cyberattacks in 2020 involved the deployment of ransomware, making ransomware the most popular means of hacking for cyber gangs. In recent years, ransomware attacks have been evolving, today they use a double extortion approach, which involves threatening to publish stolen confidential data, such as financial statements, contracts, and the private information of their victims’ business partners or customers.

Ransomware attack tactics

We previously discussed why SMEs are easy targets of hackers. Now let’s look at the four most common tactics used by ransom gangs, which respectively involve sending phishing emails, intruding into remote work systems, attacking end-point devices, and taking advantage of software and hardware loopholes.

Phishing emails	42% of ransomware attacks begin with the sending of phishing emails. The hacker may send a phishing email in bulk to an indiscriminate recipient list or to specific persons. When unsuspicious employees click on a malicious link inside the email, they are likely to land on a fake landing page and the login details of their company email accounts may be stolen. Then the hacker will be able to enter the company’s internal network and install a ransomware, or simply send an email attachment and directly bring a ransomware into the internal network.
Break-in of remote working platforms	The coronavirus pandemic has led to an overhaul of the way employees work, as many companies now adopt a large number of remote work tools or cloud services to enable workers to work from home. When the login setting of an employee’s email account is not properly configured, a loophole may be created for hackers to use brute-force to work out the account password and gain access to the company internal network to install a ransomware.
Attacks on end-point devices	Working in the company office, employees enjoy a higher level of network security as they are protected by corporate network security tools. When working remotely, however, they operate outside the official workplace and therefore face a higher risk of being hacked via end-point devices, such as laptops and smartphones.
Loopholes of hardware and software	Sometimes hardware manufacturers or software developers may identify loopholes in their products even after the products have been launched. To ensure the loopholes are not exploited by hackers, hardware manufacturers and software developers provide system updates on an ongoing basis to plug the loopholes. In case a company fails to update the related systems timely, hackers may easily hack the company by taking advantage of the known loopholes. The problem is aggravated by the fact that a great variety and a large amount of Internet of Things products have found their way into the internal systems of many companies today.

Learn more about Cyber Security Services

SMEs’ susceptibility to network security

Even when SMEs are well aware of the common tactics used in ransomware attacks, these companies are unlikely to safeguard their network security on their own. There are two main reasons for this.

Inadequate funds	With limited resources, SMEs tend to give top priority to new work equipment, marketing and promotion campaigns, and IT management tools. They may not want to spend money on tools designed to safeguard network security or hire an adequate number of skilled workers to maintain network security. As a result, they face greater security risk than they should.
Serious shortage of network security talent	Currently network security experts are seriously thin on the ground in the job market. It is estimated that globally some four million cybersecurity-related job vacancies remain unfilled in 2021. Even if companies are willing to spend money on recruiting talent, they still struggle to find the people they need.

要確保資訊安全，防止資料外洩，企業必須主動做好預防資料外洩（Data Loss Prevention, DLP）工作，認真考慮採用合適的文件安全解決方案。

Outsourcing: way to go

As far as SMEs are concerned, relying on oneself to maintain network security and counter ransomware attacks and other hackers is outdated thinking. The most efficient approach is actually to outsource IT and network security-related tasks to providers of Managed IT Services or Cyber Security Services. Market research reports indicate that with the problem of cyberattacks becoming more acute, about 24% of companies are inclined to outsource their work in order to ward off hackers as soon as possible. There are several advantages in outsourcing IT and network security-related tasks.

Use of advanced tools	To meet the needs of their customers, providers of managed-IT-services use various advanced management tools to keep themselves abreast of the latest development related to cyber attacks and threats. This way, SMEs do not need to purchase network security tools themselves, nor do they have to rely solely on their own IT staff to analyse the latest cyber attack trends. These providers can also establish connections with a company’s IT tools, so as to monitor the data transmitted via the company network. This will effectively boost the transparency of the company’s network security, minimise the possibility of the emergence of loopholes, and prevent ransomware intrusion at source.
Technical support 24/7	The IT teams of managed-IT-services providers consist of professionals who hold various cybersecurity-related accreditations. They are more capable of identifying loopholes in corporate IT systems and formulating the safest network security solutions in accordance with the industry-specific needs of their clients. With practically a virtual IT team working around the clock, companies need not worry about a cybersecurity vacuum in case of staff departure.
Minimise costs of business interruption	Because managed-IT-services providers can help companies prepare backup and draw up plans to restore the backup in case of cyberattacks, company systems and files can be restored quickly via the backup, and costs resulting from business interruption can be minimised.