The kinds of preventative steps needed to keep a company safe are not necessarily difficult to implement from a technical standpoint, but they pose a challenge to workplaces reliant on having seamless access to data, files, servers and systems on demand.
If you think about where ransomware is successful, everybody wants to pin it on the person who clicked the link, but when you start to unravel a successful ransomware attack, you must go all the way back to the beginning.
Anticipating the likelihood of an attack also means having a robust disaster recovery plan.
Many businesses hesitate to implement controls that prevent an authorized — or unauthorized — user rampaging across systems, because of the inconvenience and this only opens the door for employees to be tempted rather than fooled into clicking a link that could bring the business to its knees.
Our experts have seen clients who, when confronted with the risks, believe they are somehow immune to the risk of ransomware because they store files or use software based in the cloud. Although that might be more secure than using an old server, it is not a perfect solution, since ransomware can move from a data centre to another via your company and malware can encrypt files in the cloud.
We have clients who think that if they put their data into the cloud through Microsoft then everything will be secure, or that their cloud provider will be able to detect and protect against threats. Sometimes they can, sometimes they can’t but that’s a complex picture. Breaches in the cloud often boil down to a company not configuring their cloud access properly.