Why More Users Mean More Problems With Ransomware Attacks

Ransomware has been one of the fastest-growing cybersecurity issues facing all businesses over the last few years. And this is not showing any signs of slowing down soon, as cybercriminals are still finding this a highly lucrative means of attack.

While companies of all sizes are vulnerable to a ransomware attack, it is large and growing firms that may be most at risk. Larger organizations typically have significant quantities of sensitive data, the means available to pay a ransom and more employees, making it easier for criminals to find a foothold in their networks.

All it may take is one careless act for a system to be compromised, and the more users and endpoints criminals are able to target, the more likely they are to find a weak point.

Naturally, as businesses grow and more users come aboard, more endpoints are added to a network. This translates into more potential entry routes for malware such as ransomware.

It may only take one unsecured PC, laptop or mobile device to compromise an entire network, as once an attacker has gained access, they are often able to move laterally within a system for weeks or even months, seeking out the most valuable data, before they are detected.

Indeed, according to research from IBM, it takes enterprises an average of 212 days just to detect a breach within their systems, followed by a further 75 days to contain it. Therefore, keeping control of endpoints to reduce the likelihood of intrusion in the first place is essential.

But this is proving increasingly difficult as the nature of businesses change. It’s not just the issue of adding new users and devices that can pose problems – it’s also the way in which these employees connect to networks that cause issues.

For instance, a growing trend towards remote and hybrid working makes it much harder for businesses to maintain control of these endpoints. As more people use personal devices and unsecured networks for work, this creates even more opportunities for ransomware attackers to find success.

The biggest problem for many firms is likely to be the users themselves. One study by researchers at Stanford University suggests 88 percent of data breaches are the result of human error, with more than a third of employees believing they’ve made a mistake at work in the last 12 months that compromised security.

One of the biggest avenues of attack for ransomware groups is email. Overall, it’s estimated that 94 percent of malware enters businesses via this channel.

Phishing attacks are easy to create and only have to fool one person in order to gain access to a network. If a user isn’t paying attention, is tired or overworked or is just having a stressful day, it can be easy for them to click something they’re not supposed to or fall for a fake request.

Such attacks have become even more likely to succeed in remote and hybrid working environments where many day-to-day interactions have shifted to email. This was a trend first seen during COVID-19 lockdowns when many people were required to work from home. Indeed, phishing attacks during this time increased by 220 percent.

Criminals have been quick to take advantage of this ongoing trend, using techniques such as business email compromise to target remote workers. For example, in the last year, the Stanford study found more than half of people (52 percent) had clicked on a phishing email believing it had come from a senior executive at their company – up from 41 percent in 2020.

In order to tackle these issues, businesses need to take a two-pronged approach. Firstly, they must have the right technology in place across every part of their network to minimize the risk of attacks such as phishing emails getting through to end-users, and then ensure that even if first lines of defense fail, data remains protected.

While familiar tools such as firewalls, anti-malware software and strong encryption measures all have a role to play in this, on-device solutions that protect employees regardless of where they are based are particularly important in today’s less centralized way of working.

This ensures that all endpoints on your network, including any personal-owned laptops, tablets and smartphones, are protected no matter where they are. Good on-device protection should also include data exfiltration prevention tools that can monitor the device for any unusual activity that can indicate a ransomware attack that is attempting to steal sensitive information.

However, technical solutions alone can’t guarantee security. Even with the best solution, it’s still possible that a careless or negligent employee could enable a ransomware attack to find its way onto the company network.

Therefore, it’s vital these tools are backed up with comprehensive training programs that educate users on what to look out for, especially when it comes to protecting their inboxes from phishing emails. It’s also not enough to do this once – training must be conducted regularly and followed up with actions such as phishing tests to ensure users are kept up to date with the latest scams.