Professional and business services, a sector that includes advertising, legal services, market research, accountancy, audit, architecture, engineering, PR and management consulting, is the largest commercial vertical reporting increased ransomware attacks. There are several reasons for this:
- Business and Professional Services have become increasingly reliant on IT systems
- A lack of awareness of the current cyber threats
- Economic factors (lack of sufficient Cyber Security and Cyber Resilience budget)
- Lack of cybersecurity training
- Susceptibility of users
- Increased adoption of Cloud services
From our experience, attacking companies working in professional and business services offers a high-reward, low-risk ratio: these businesses control and process a lot of data, which makes them a high-value target.
Easy pickings for ransomware
As organisations in this sector become increasingly digitally focused, new opportunities open up for cybercriminals. Each new application rolled out adds attack points, and if an organisation has a limited focus on cybersecurity, it becomes low-hanging fruit for a hacking group. The sector is becoming a cybercriminal playground.
"It won't affect us… will it?"
We've become so accustomed to hearing about headline cyberattacks and data breaches along the lines of WannaCry and Facebook that events occurring on a smaller scale seem to go unnoticed. Smaller businesses assume they are not a target.
It's a safe bet to assume that the average cybercriminal would find it easier to access and compromise the network of a small to medium-sized business than they would a larger and more sophisticated corporation or enterprise.
A risk-based approach, on a modest budget
So, how can professional and business services organisations protect themselves from ransomware attacks?
First, assume a "When, Not If" approach to Cyber Security and Cyber Resilience.
Ask, "What is the plan for when we get a ransomware breach, not if?"
- Backup and Disaster Recovery: Be prepared for a worst-case scenario and always backup your business-critical data. Include the necessary protection against ransomware attacking your backup data and backup files.
- Regular Penetration Testing: If gaps are regularly found and patched then ransomware can't get in, which means the next route into an organisation would have to be phishing.
- Train your team and build your human firewall: Education and skills-based evaluations will ensure that your team is cyber-savvy and prepared to identify and tackle threats as they arise.
- Comprehensive network monitoring and ongoing vulnerability assessment: This will enable your organisation to have a clear view of your system assets, their status and what's happening at any time.
- Apply Two-Factor Authentication: A must for all administrator accounts.
- Anti-malware: Implement an anti-virus platform alongside anti-malware. Keep your firewall updated and use content filtering and an Intrusion Detection System.
- Data Retention and best practice: Ensure you're adhering to your industry-specific data retention standards and practices, and don't forget GDPR!
If you want more help in keeping your business secure in the digital world, drop us a line at firstname.lastname@example.org or call on 0208 012 8489 for a complimentary vulnerability assessment.