The new buzz word in cybersecurity right now is ransomware. If you haven’t heard of it, congratulations! You’ve somehow managed to avoid all form of news, social media and in general media altogether in the past few years. If you’re looking for a detailed history of what ransomware is this is not the article you’re looking for. Scroll over to Wikipedia or do a general search on Google will get you up to speed on that.
If you’re here for an opinion of ransomware then you’ve come to the right place. Contrary to popular belief, ransomware is not just about kidnapping someone’s digital files and extorting them for money. This is what most of us associate ransomware with. One natural reaction to this is how do we protect ourselves? This is a question that most company leaders struggle with. What? You haven’t thought about it? Then you’re either naïve or negligent.
Protecting against ransomware is tricky. If anybody tries to sell you a silver bullet solution for this problem and you believe them, then I have a bridge I want to sell you as well. As much as we may want to believe it, there is no silver bullet solution for ransomware, just like there is no silver bullet for airline safety. Think about all the safety checks that happen before a flight takes off. From the moment you buy your ticket to the moment you recline in your seat on the plane, 100+ security checks have occurred. Whether it is a failed baggage check, overlooked plane safety inspection or navigation software bug, all it takes is one thing in this series of checks to fail and the entire plane literally comes crashing down.
Just as there is no quick fix for losing weight, there is no quick fix for ransomware. Make no mistake about it, ransomware is about cybersecurity or in more general terms, security around how we interact with one another in a digital economy. Cybersecurity must be a mindset in order for it to effective. When you leave your house you lock the door. When you park your car, you lock the door. Before you cross the road, you look both ways. This kind of behavior is ingrained in us. Unfortunately, good cybersecurity hygiene is not ingrained in us by default. In part, this is why ransomware is so ubiquitous and successful. Cyber criminals know we are prone to open emails, click on links or even voluntarily give our own credentials away. The most successful cyber criminals are the ones that know how to exploit human nature. Take for example, passwords. Passwords are everywhere. Sometimes the only security between a cybercriminal and a million dollars is a simple password. Most of the time, that password is Password123. When faced with a choice of convenience and security, most of us lean towards convenience.
No matter how secure online software becomes, if we don’t change our mindset, if your company doesn’t change their mindset on cybersecurity then ransomware will continue to flourish. When you set out to lose weight, you don’t expect to lose 20 or 40lbs overnight. It is not realistic and it may even be a hazard to your health. The same goes for cybersecurity and your business. Take small steps. Set realistic goals. Review your company security posture. The first step is awareness. As the 1990s GI Joe character said, “Knowing is half the battle.”
Lastly, I would be remised if I didn’t put a shameless plug for physical layer security. If you’ve read this far, you know ransomware is more than just the flashy headlines you read on the news. As you review your security posture, one of the often overlooked areas is the physical network, the cables and patch panels in your network. From our experience at Fiber Mountain, the knowledge of the physical network at a company usual exist, at a good company, in an out dated excel spread sheet on a share drive somewhere. At a bad company, it exists solely in someone’s head or in a physical binder in a drawer. If you’re hit with ransomware, the last thing you want to hear from your IT staff is that they have no idea how the network is connected and there is no way to restore it because the excel file where everything is kept is locked. Ransomware is the current buzz. It is easy to talk about. But what if you lose the binder or Adam leaves the company? Your security posture is only as strong as your weakest link. Don’t let that link be your physical layer network.
Follow us on your favorite social media platforms to stay updated: