This story AND all the rest just like it, are ABSOLUTELY unfortunate. Yes, it is organized crime and it is unquestionably devastating. Yes, it can be targeted. And yes, cyber criminals can and will continue attacking.
Organizations struggle to put forth proper and expanded budgets for these additional layers of cybersecurity protections. Technology departments are understaffed, taxed, and overwhelmed with needing to implement and architect these solutions. I UNDERSTAND.
“These things happen”. No! They really don’t have to.
If we implement proper preventions in place, if we put proper backup and disaster recovery systems in place, if we add more layers of security– then we can PREVENT these types of disasters in our government, our schools, our hospitals, and our businesses.
YOU do NOT have to be a victim of cybersecurity threats. We can protect ourselves.
It is true. Backup systems CAN be attacked and encrypted, but they can also be kept absolutely safe. This is dependent on the technologies used and off-site components. Most cheap solutions are done with software on the network (NAS devices with shares, which are vulnerable to ransomware). What is better? More wholistic solutions because they are not openly available AND have secure encrypted off-site copies of ALL data.
With so many public breaches of our data and more importantly our passwords, every organization MUST implement two-factor authentication (2FA). This protects breaches from user passwords that have been exposed on the dark web, which potentially gives the bad guys access to our systems.
In addition, keep users and teams with minimal privileges necessary to complete their work. When users have admin rights, bad things can easily happen. Our teams NEED to be educated with an ongoing and adapting manner to keep us all aware of what to look out for. We find these and many more VULNERABILITIES in most all of the new clients we onboard.
Paying ransoms do not work. It incentivizes these criminals to continue working in this fashion, holding us hostage. Paying ransoms does not get all systems put back together like they were before. It may not even get all of your data back. PREVENTION is the best solution to these avoidable threats.