There is now a much larger attack surface for cybercriminals to target due to remote and hybrid working practices
The introduction of widespread remote and hybrid working practices means that employees are now working on a huge range of different devices, including desktops, work laptops, personal laptops and mobile phones.
As a result, there is now a much larger attack surface for cybercriminals to target. Hackers have cottoned onto this, with this infographic showing the extent to which ransomware has exploded since the end of 2019.
Aaron Anderson, head of Marketing at Kyocera, said: “Ransomware has well and truly hit the mainstream in the last year. Recent months have seen incidents such as the Colonial Pipeline attack make headlines, while groups such as Babuk and Ragnarok have become infamous far outside of cybersecurity circles.
“The debate around how best to deal with ransomware threats has shifted recently to the role of insurance companies, covering areas such as the feasibility or legality of paying out on a ransom demand
“However, it’s crucial that leaders remain fully focused on the fundamentals of good cybersecurity in the battle against ransomware. This means taking steps to fully understand the company’s potential attack surface in an era of remote working, then eliminate vulnerabilities where they exist.”
To achieve this, Anderson believes that organisations should leave no stone in their IT estate unturned. This means examining not just computers and mobile phones, but other connected devices including printers.
He added: “The reopening of offices and the growth in hybrid working mean that office devices such as printers or wi-fi routers are back in action, with each item of internet-connected hardware being a potential source of infiltration.
”A major first step is to conduct a full audit of these devices and the ones being used by workers at home to ensure that their security features are up to scratch. This can be a painstaking process, but it’s vital if you’re serious about keeping sensitive data away from prying eyes.
“Another step is to reduce the role of human error in successful ransomware attacks. Remote workers are less likely to ask for quick advice on a cyber issue – such as a suspicious email – if their colleagues aren’t as close at hand as in the office.
”Tackling this boils down to building a culture of transparency where people are encouraged to be open about sharing what they think might be social engineering messages, with staff also receiving regular training on how to spot the latest hacking methods.”
Anderson concluded: “Finally, backing up sensitive data on a regular basis is integral to any anti-ransomware strategy, for the simple reason that ransom demands need never be indulged if the data can be easily retrieved from elsewhere.
”Combine this with all of the above, and the business will have the resilience to approach the ransomware issue with confidence rather than uncertainty.”