Q: Can ransomware walk through your front door?
Yes, it can. In the form of your employees. Most ransomware attacks are activated by unwitting employees, some of whom are allowed to use unsecured, internet enabled devices – either their own, or the companies – on a shared business network. Or perhaps, even more distressingly, they are allowed to conduct business through an unsecured and unmanaged network.
Studies have shown that ransomware is most likely to enter an organization through desktop and laptop computers (where security controls and policies would be presumed to be strongest), and least likely through a smartphone or tablet. Not surprisingly, email is the most likely delivery method for ransomware, either via email attachments or malicious links in email messages.
The Boss Is Safer Than I Am………Right?
A wide variety of corporate roles were affected by ransomware attacks, which impacted 71 percent of lower level staff members, 43 percent of middle managers, and 25 percent of C-level or senior executives. It is worth noting, however, that mid-level managers and senior executives are disproportionately affected by ransomware given their substantially smaller numbers. So even though C-level individuals represent only 25 percent of the victims of ransomware, it also means that per capita, they are impacted more often than lower level staff members.
So, what does this tell us about cybercriminal motives? Two things. First, the targeting of far more many lower-level staff members shows that most cybercrimes are crimes of quantity over quality. They are casting the widest net, so to speak, and attempting to push their ransomware or malware code out to as many targets as they can manage, knowing that the odds of scoring at least a few victories will be in their favor.
The second thing it shows us is that the purposeful targeting of management and C-level executives means that some cybercriminals still forsake the widest-net approach in favor of those targets they hope might deliver the largest ransomware payments.
The bottom line is that no business is safe. Those that implement the proper network security measures, and routinely keep them up to date, will be in the best position to weather any kind of malicious cyber-attack. But even then, the cybercriminals have their eyes on all of us, in one way or another.
For more information on how a managed network service can proactively protect you from digital viruses, please contact us.