Ransomware is one of the newest malware threats in the news. (Mal, the Latin root for “bad” or “evil,” forms words like malfunction, maltreat, and malice.) And ransomware is truly bad! An attack will literally hold companies’ user systems hostage until they agree to pay the “ransom” request via Bitcoin or another hard to trace online payment. The FBI is warning it’s on the rise, and not just for single users- businesses, government agencies, law enforcement, healthcare, and academic institutions have all been victims.
As UPS recently found out, ransomware is powerful and hard to prevent if you are not prepared. The usual “phishing” or “spoofing” of malware is becoming more common. Hackers are now better at designing corporate brand logos, legal disclaimers and colors to fool the consumer, tricking the clicker to click. But the world of ransomware is taking a huge leap with sophisticated hackers infecting corporate data platforms and stealing financial data. Recent attacks have wreaked havoc on large scale operations with multiple platforms. Ransomware extortionists like CryptoLocker, Lockey and KeRanger have become the new wild west of ransom hackers.
Seeing a ransom note declaring your data access will not return until you send in tens of thousands of dollars- even if in Bitcoin- before the decrypted data is unlocked, is a shock. These shakedowns can disable data recovery options too, making traditional backups worthless. As the industrial sector innovates, cyber threats become smarter and smarter. Hackers are poised to steal away control unless custom manufacturers and other asset-intensive industries give more time and attention to their companies’ system security.
Foundational security is ultimately the companies’ responsibility. Salesforce is one platform provider that makes security and customer trust its number one value. To quote Parker Harris, Salesforce cofounder and EVP of Technology, “Nothing is more important to our company than the privacy of our customers’ data.” Salesforce cloud computing platform is probably the safest model out there. Companies who partner with them can build their apps off of it, and features like CRUD/FLS (create/read/update/delete and field level security) determine who in the organization can gain access to the data.
Even the new generation of storage vendors can also protect from malware and ransomware attacks. Using snapshots to secure CDP (Continuous Data Protection) on a frequent basis, corporate clients that have a one data system can experience an encryption and corruption of their primary file system, and with a good CDP process, their snapshots will be completely unaffected and immune from modifications and deletions. Recovery of the data – ensured.
However, it is a crucial first step for any company or manufacturer to first work towards a system wide ERP solution that has a successful reliable recovery at hand should the one data system be compromised. Even mobile devices the company uses can be infected. Any organization concerned with data security should invest in a solid ERP solution from a reputable vendor who will integrate security into all software and equipment so that the data is protected. Remember, even if ransomware doesn’t happen, corporate espionage and sabotage is another reality, and one that can cost far more.