During a recent conversation with a client, the subject of cyber security came up. I was talking about the recent spike in cyber-crime. After sharing some fairly shocking statistics about the increasing frequency of successful cyber-attacks on websites, he said “My site has never been hacked, touch wood!” This got me thinking about the fact that, considering the relatively simple nature of the majority of these attacks, most website owners are using “Touch wood” as their cyber security strategy! Perhaps there’s a reason why I’m not a gambling man; I don’t have much faith in Old Lady Luck.
The Ransomware Pandemic
2023 has been deemed The Year of the Ransomware. In March alone there were 459 incidents measured by cybersecurity analysts; up 91% from the month before! The reason for this massive rise in incidents is due to a vulnerability found in Forta’s GoAnywhere MFT secure file transfer tool, exploited by the Clop ransomware gang, where data was stolen from 130 companies within 10 days. The Clop gang boasts an impressive repertoire of successful attacks against some of the biggest companies in the world, such as Morgan Stanley and the oil giant, Shell.
Is there any wonder that this alarming phenomenon is on the rise when cyber criminals are advertising their services on the Dark Web. You can now purchase Ransomware as a Service to use for nefarious gains against ordinary business owners, schools, health boards and anyone else with a network or website. I guess as long as there’s a piece of wood handy, there’s nothing to worry about, right?
Ransomware as a Service
Given the accessibility of these resources and the average Joe’s propensity for the “Touch Wood” security strategy, earning big bucks from villainous means has never been easier. The wide availability of these tools means that non-technical criminals are able to earn generous booties as easily as their super-technical predecessors. We all need to stop using pure luck and start taking cyber security seriously. The percentage of successful common online cyber threats (non-complicated hacks) is in the high eighties in comparison to the lower percentage of targeted attacks. One bet I’d be happy to take is that the non-technical criminals fall into the easier, more successful bracket. I mean, why wouldn’t they! We’ve made it that easy.
Prevention is a Lot Cheaper than Recovery
If we start applying a common-sense approach to security and stop relying on luck, these criminals will eventually give up and find some other, more complicated way of ripping off businesses.
As well as reputational damage, the financial impact of these attacks can be astronomical. When your servers have been encrypted, by allowing malicious software to be installed on them, there are two options – pay the ransom or rebuild the servers. Ransoms have ranged from $10K to $70M. Rebuilding servers takes time and time costs money, even if you have reliable backups. Prevention is a lot cheaper and easier than recovery. It’s time to start factoring in the comparatively low cost of securing your network and website because nobody factors a £5M clean-up operation into their annual budget.
Help is at Hand
Remson is a IT Support and Services Company based in Cardiff, Wales. We specialise in Cyber Security and offer a Cyber Essentials Audit and Remediation Service. You can use our FREE Cyber Essentials Readiness Tool, which will produce a comprehensive report of your current Cyber Security posture.
Cyber Essentials Audit and Remediation
Cyber Essentials is a great place to start. Every organisation should use as this as a minimum standard, offering protection against most common online cyber-attacks. It focuses on 5 key areas:
- Firewall
- Secure Configuration
- Patch Management
- User Access Control
- Malware Protection
We will get your IT estate to the required standard for Cyber Essentials, giving you protection against the vast majority of cyber threats.
Website Vulnerability Assessments
We can also assess your website for the latest known vulnerabilities. WordPress is by far the most popular tool for building websites, but it’s also known for its vulnerabilities. This is due to its availability and ease of use. We can provide you with a comprehensive report, which will identify those vulnerabilities and a remediation plan to get them fixed.
Security and Data Compliance with Microsoft 365
As a Microsoft Partner, we offer Microsoft 365 installation and migration. Microsoft 365 has a range of useful security and compliance tools, aimed at securing your data. These useful tools are a big help with maintaining the Cyber Essentials standard; all at a very reasonable price.
Get in Touch
If you would like to find out more about how Remson IT can help develop your cyber security and data compliance posture, get in touch and book a meeting.