The headlines reporting ransomware attacks are becoming more frequent and scary. This has many businesses, governments, and everyday people asking, “What can we do?” The responses range from “increase (or even implement) a ransomware budget,” to “let’s just end the Internet.” It leaves those impacted by ransomware even more confused and alarmed.
So where is the productive, middle-ground sweet spot in the fight against arguably the biggest threat on the Internet today?
The Best First Step? Know Thy Enemy
The first step toward understanding how to ward off any threat is to recognize what the threat is and how it gets a foot in the door. In the case of ransomware, an attacker needs access to the computer on your kitchen table, the PC of someone in accounts payable, or the device in your pocket in order to succeed. In other words, the attacker needs to gain a foothold in your IT operations.
This means that the targets of ransomware attackers have three traits in common. All three involve the use of computer hardware, all three use software (whether traditional or app-based), and all three will access or create data.
And while any of these present potential attack points, they’re not enough to be the point of entry on their own. Hardware systems, apps, software applications, and operating systems still require some sort of interaction to tell them what to do. It is through this interaction that ransomware can enter a network, a database, or a single device to cause chaos and dismay for one party and become another party’s financial windfall.
The Answer Is in the Mirror
The most important piece of the puzzle required to successfully initiate a ransomware incursion is the person in the mirror. It’s the user interacting with a computer system who is the weakest link in your security chain. The inadvertent click of a mouse or the failure to notice the missing “c” in a fake Starbucks marketing email is all an attacker needs to plant the seeds for an attack.
Attackers have mastered the ability to produce branded emails or communications that are authentic in their initial appearance, making them hard to spot for even a trained security engineer’s eye. But there are ways to learn how to better identify phishing and train our responses such that they work to inhibit, and not promote, the propagation of a would-be ransomware attack.
Education Is the Most Effective Deterrent
Stepping up education in how to spot and react to phishing or social engineering attacks provides the most effective first line of defense. The basics of identifying a malicious email are easy to learn:
- Watch for misspellings, especially in brand names, or in your name if the email is directly addressed to you.
- Hover your mouse cursor over a provided link; does it go to the brand’s website, or does it look like a collection of random characters?
- Using the same technique as in the last step, check whether the website goes to the country of the actual business or whether it ends in, for example, .ru or .cn.
- Fine print may be in a different language than is used in the message body.
- Does the deal or point of engagement sound too good to be true?
These are just a few of the details that can quickly identify a malicious email that can serve as an entry point for ransomware code. Others, such as slightly altered brand logos, can serve as indicators that the email on your screen is not what it seems.
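As an added illustration (not part of the original article), the sketch below automates three of the checks listed above for the links in an HTML email: what the hover would reveal, near-miss brand spellings, and the country ending. The brand list, the sample message and all function names are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"starbucks": "starbucks.com"}  # assumption: brands you expect mail from
WATCH_TLDS = {"ru", "cn"}                # the example endings named in the article
# Constructed sample message body: one lookalike link, one genuine link.
SAMPLE = ('<p>Free coffee! <a href="http://starbuks-rewards.example.ru/claim">Starbucks Rewards</a></p>'
          '<a href="https://www.starbucks.com/rewards">Starbucks</a>')

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss brand spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs, i.e. what a mouse hover would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(html):
    """Return a list of (href, reason) findings for one HTML message body."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for text, href in collector.links:
        host = (urlparse(href).hostname or "").lower()
        tokens = host.replace("-", ".").split(".")
        if tokens[-1] in WATCH_TLDS:
            findings.append((href, "unexpected country ending ." + tokens[-1]))
        for brand, domain in BRANDS.items():
            official = host == domain or host.endswith("." + domain)
            if brand in text.lower() and not official:
                findings.append((href, "text names %s but link goes to %s" % (brand, host)))
            if any(0 < edit_distance(t, brand) <= 2 for t in tokens):
                findings.append((href, "host contains a near-miss of '%s'" % brand))
    return findings
```

Calling `check_email(SAMPLE)` flags the first link three times and leaves the genuine one alone; short brand names would need a tighter distance threshold to avoid false positives.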
The Fight Against Ransomware Starts and Ends with Us
Successful ransomware attacks are heavily reliant on the human interactions within technology. In addition to social targeting or phishing emails, misconfigured hardware or software and weak security protocols, such as weak passwords or single-factor authentication, work to create a perfect environment for ransomware attackers.
This means that, to reduce the risk of falling victim to ransomware, it’s important to change the bad habits acquired while using technology. Doing so will protect you from the dangers of an expensive—even possibly fatal to your organization—ransomware attack.