I woke up the other day, opened my email, and received an unpleasant surprise: overseas hackers had made numerous attacks against the office account of my wife, Jennifer, the CEO of eMazzanti Technologies.
Fortunately, our geo-blocking and other digital defenses kept the bad actors at bay — but many organizations, particularly smaller businesses, are not so fortunate. Some reports indicate that 28% of data breaches involved small businesses — and in one survey, 72% of responding organizations said they had been targeted by ransomware, while 13% reported they were hit with up to 10 ransomware attacks during the year.
“Fish” on the Hook
It is nothing personal. Regardless of the size of a business, the industry vertical, or the geographic location, cybercriminals treat ransomware as “the gift that does not stop giving.” Businesses that pay a ransom will end up on a Dark Web list of “fish” on the hook for repeated attacks.
Most successful ransomware attacks share a common feature: attackers compromise one or more highly privileged user accounts. In some cases, hackers gain access to a domain-wide administrator account, while in other cases, multiple local administrator accounts share the same password.
To guard against this kind of intrusion, organizations should implement several “best practices” around credentials. A good starting point is to grant the minimum amount of access necessary. Tools like Microsoft Entra can strike a balance by enabling strict authentication protocols while making it easier for trustworthy users and devices to quickly access necessary services and files.
Microsoft Entra Verified ID, for example, uses decentralized identity technology to give users verifiable credentials that work across multiple applications and services.
Zero-Trust Policy
Businesses can also fortify their digital moat with zero-trust policies, which protect systems by requiring authentication every time a user or device attempts to access the network. Multifactor authentication and randomized administrator passwords provide additional layers of critical security.
Geo-blocking is another essential component. By enabling organizations to prevent access from specific countries, geo-blocking can keep nation-state hackers from accessing business systems. For example, if a company has no customers in Russia, it may choose to block internet connections from Russian sources. Firewall settings or geo-based policies in Microsoft 365 make this possible.
One of the most common, yet deadly, tactics used by cybercriminals is “phishing,” which involves sending emails or other messages that appear to be from reputable companies – but are not – to induce individuals to reveal sensitive information, like business or personal passwords and credit card numbers.
But a Cyber Security layer and phishing awareness training can help keep employees and other users from falling into a phishing trap. Such training, often provided by an experienced Cyber Security managed services provider, can teach users to recognize telltale signs of a phishing attempt, such as a sense of urgency, slight errors in the sender’s email address or URL, poor grammar or spelling, and unsolicited attachments.
Attackers are continually upping their game, so the threat landscape keeps changing. To guard against ransomware and other threats, business owners should supplement their Cyber Security activities with periodic risk assessments and adjust their strategy accordingly. A managed IT services provider can tailor solutions that align with an organization’s budget, and the initiative will yield an impressive return on the investment.