Recently the White House issued an open letter calling on businesses to improve their cyber defenses in response to ransomware — and not a moment too soon. Ransomware has been getting worse for some time. A recent survey found that 51% of businesses in America were hit by ransomware in 2020, with an average ransom demand of $178,000. An estimated 25% of victims chose to pay the ransom.
As bad as it is, it’s poised to get worse. Hackers seem to be emboldened by their success and are growing more ambitious with time. It seems like no one is safe; even hospitals and schools are regularly targeted. Ransomware is not going to go away, no matter how many hackers are locked up. It’s time to wake up and smell the coffee. In a way, business owners are on the front lines of an emerging war in cyberspace.
In the letter issued by the White House, Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, outlines some practical steps business leaders can take to improve security. These measures include implementing multi-factor authentication, endpoint detection and encrypting file systems. In the short-term, these are important and much-needed steps. In the long-term, however, we need a fundamental shift in the way we think about cybersecurity.
There is a pervasive idea among non-technical business people that cybersecurity can be “outsourced.” That may have been the case in the past, but we can no longer depend on the “tech guy” alone to keep our networks safe. A chain is only as strong as its weakest link. This is especially true as social engineering and phishing attacks are deployed in more and more ransomware attacks. This is an ongoing arms race, and the only way to mount a sustainable defense in the long-term is to normalize cybersecurity awareness. We need to start thinking about cybersecurity skills as foundational to a well-rounded education.
Small and medium businesses are a common target of ransomware attacks and are often the least able to adapt. Regular cybersecurity training needs to become a continuous part of our work routine. At present, cybersecurity education is not getting the attention it deserves, and small investments in this area could yield big dividends in the future. The old saying that “an ounce of prevention is worth a pound of cure” is especially true in this context.
The government can and should be an important partner in supporting cybersecurity efforts in the private sector, but ultimately, mounting an effective response to this threat must be a grassroots, citizen-led effort. We have the power and the responsibility to rise to this challenge. It’s time for people from all walks of life, and business leaders in particular, to buckle down and start educating themselves and their employees about cybersecurity. With our schools, hospitals and critical infrastructure facing direct threats, cultivating cybersecurity skills and awareness should be viewed as civic duty. Ransomware threatens all of us and all types of companies, whether we realize it or not. Do your part to contain its spread. Forbes
