Canadian Companies Paying Ransom
A new report has found a concerning trend when it comes to paying ransomware demands.
The Canadian Internet Registration Authority (CIRA) analyzed just over 500 Canadian companies in July and August 2021 and found that almost one in five were the targets of a successful ransomware attack. The kicker, however, is that 70 per cent of those companies reported paying the ransom.
As Prophet Businses Group has detailed in previous blog posts, paying the ransom rarely pays off. Many organizations elect to pay because they fear their organization's brand will suffer if they are publicly outed as the victim of an attack. Despite this very real concern, hackers don't often go away quietly after they get their money.
Cybereason released a report earlier in 2021 that analyzed over 1200 companies around the world and found that 80 per cent of the companies that paid the ransom experienced another attack a short time after. The report also found that many of the companies who paid up got their data back, but it was either incomplete, corrupted, or both. Other cybersecurity organizations, such as Barracuda Networks and the Cybersecurity and Infrastructure Security Agency have noted that hackers are adapting the ways in which they try and break into networks. They no longer focus on people in leadership or finance roles, but will target employees at all levels by using business-centric keywords to get people to click on links or attachments connected to credential harvesting sites.
The pandemic has also created a new climate for IT and cybersecurity professionals, who now have a wider network to maintain with hybrid work becoming the new normal in many sectors. While companies have ramped up safety measures, this change has also created more opportunities for hackers, as ransomware attacks have increased during the pandemic.
There are several mitigation strategies your company can use to help protect its data, including:
- Ensuring you have a backup plan that is consistently monitored and tested and encompasses on-site, off-site, and cloud - this ensures you always maintain copies of your data
- Enabling multi-factor authentication - this ensures your company has multiple layers of security and can stop hackers even if they successfully acquire email credentials
- Educating your staff on how to spot suspicious emails and report them to IT staff/providers so they can investigate and remediate - this can include a combination of "in class" style learning, internal information documents, or running simulations to test your staff's readiness
Prophet Business Group can help you with all three of these strategies through our Managed Services department. Our goal is to help you develop a cybersecurity strategy that gives you peace of mind.
Please call us at 204-982-9890 or email firstname.lastname@example.org to ensure your company and its data is protected.