Driven by the headlines of JBS and Colonial Pipeline's recent breaches, decision-makers are finally understanding what security experts have been pointing out for ages — hackers are everywhere, and they have not just been going after the big white whale the last few years. Gone is the false perception that large enterprises, banks, and financial institutions are the only organizations that are under attack. Those times are long since passed, and we are now dealing with educational systems, hospitals, and smaller companies.
We are in a new era in which technology, geopolitical threats, and cryptocurrency are affecting the midsize, non-tech markets more than ever before. Roughly 200,000 American businesses fit in the midmarket category, with annual revenue of $10 million to $1 billion. A recent Verizon "Data Breach Investigations Report" found that more than 70% of cyberattacks target small to midsize companies.
There's no doubt that cryptocurrency platforms have enabled bad actors. A recent article published by NPR touches on the surge of ransomware and how cryptocurrency is the currency of choice for ransomware because it's fast, easy, largely anonymous, and hard to trace. Sophisticated hackers can get away with it because not only can they cause major disruption but they can pinpoint the exact amount of money the company can afford to pay in ransomware. It's a typical business cost-benefit analysis, and businesses are at a disadvantage during negotiation.
Another factor is the weakness of security in the midmarket. Large enterprises have started getting smarter about security. They have deeper pockets to secure 24/7 security operations with the appropriate arsenals at their disposal. Smaller organizations in the state and local education market, healthcare, retailers, and manufacturers have fewer resources at hand, both human and technological. They certainly don't have the financial means to equip themselves with expensive, sophisticated, and layered defenses. Plus, security is last on everyone's list. To the midmarket, it's thought of as insurance, basically a cost center, not a mission-critical priority for the business.
We know we're going to have a very steep trajectory of ransomware attacks. So, what needs to be done to disrupt the disrupters and flatten the curve, so to speak, when it comes to the midmarket? Believe it or not, it's not just all about security.
Ransomware attacks, like many other cyberattacks and telecom fraud, are often committed by actors outside of the country's borders. The REvil attack is written so that it won’t target systems that use the Russian language. Hackers are avoiding systems in their own country in order not to run afoul of local laws. In addition, cross-country investigation and prosecution is difficult. Realizing that all countries are victims of ransomware, governments need to put aside their differences and forge cooperation to deal with these crimes.
Follow the Money
It's practically sacrilege to utter this in certain tech circles, but until we start mitigating crypto's role in ransomware and malware threats, regulators may treat and govern cryptocurrency like we do with traditional tender; and unless we mitigate the issue, we will never win against the bad actors.
Cryptocurrency is the currency of choice for criminal underground of cyberspace for illicit transactions and money laundering. It may not be the sole factor, but it has a major role in the rise in ransomware. It's high time the cryptocurrency industry paid attention to, and even started to battle, the growing ransomware threat. And perhaps cryptocurrency needs to be regulated, traced, and understood in order to curb the malignant players. Until there is recognition and acknowledgement of the role of crypto in ransomware, more focus on improved data sharing across platforms, diligently maintaining cyber hygiene, and reasonable legislation and regulations, we will continue to see a rise in nefarious activity across the board.
Again, this is not a popular answer but a necessary aspect to security within the midmarket. Phishing remains the No. 1 attack vector for ransomware to gain entry into the victim networks. Every individual working in front of a computer — whether in a factory or a major restaurant chain — needs to understand what to look for, and every midmarket company needs to staff up and have a few security experts at the ready. Process and protocol can have a huge impact on how much data is lost, if any. There should be plans in place to know next steps and have those steps be uniform. Without this, you lose precious time, and time loss equals data loss.
Security and Storage Go Hand in Hand
I cannot tell you how many midmarket companies have left themselves open, putting off measures that would help them defend against attacks. Investing in technology, security solutions, and storage solutions should be top priorities, along with supply chain technology. You must secure the network, the endpoints (especially now with rapid adoption of remote working), and the data. You also need to keep your storage units secure and updated. Research indicates about twice as many companies recover their data through backup as through paying the ransom. For a midmarket company with limited budget and resources, it's important to identify the critical data that needs to be protected and make timely backup.