99.9% of companies do not shield their network against possible cyberattacks. Furthermore, 99% of organizations in Latin America begin to do so once they have already been hacked by cybercriminals.
The disinterest that exists on the part of various organizations in terms of investing in cybersecurity is the main element that increases the risk of being a victim of cybercriminals.
Ransomware attacks are one of the main and most serious problems suffered by companies in Latin America. Currently, Latin America receives 25% of global ransomwarecyberattacks, second only to Asia with 33%.
The average recovery time for a company that suffered a ransomware attack is 23 days. During all that time, the organization must be without its systems, causing a very serious impact on its business continuity. In fact, statistically, for every 4 companies that had an attack, 1 went bankrupt due to that situation.
How the risks of suffering a cyberattack could be minimized
Five main recommendations should be followed:
- Shield the network: The first mistake is to think that a cyberattack can be mitigated only by purchasing a specific product. To have a shielded network, several tools must be implemented, as well as several methods or strategies. You must have a comprehensive strategy.
- Training: These attacks enter the network through collaborators who receive a link, open it and that ransomware enters there. Most companies do not train users or collaborators. 60% of ransomware attacks come via email.
- Use of EDR programs (End-Point Detection and Response): Allows detecting anomalies within the PC. EDR programs prevent attacks because when an attack occurs, what happens is that when the PC is infected with the ransomware, all the files start to be encrypted in the operating system, changing the file extension. The EDR detects when a massive name change occurs within the operating system.
- Implement changes in the way of working: This by identifying possible infection vectors and addressing them with specific actions. For example, changing all the configuration of the entire Network, as well as minimizing the use of an external memory or USB. One method of protection is to block its use. It is also recommended to remove administrator privileges from users using the equipment. This is because if a link is sent by mail and is opened, the ransomware is installed, on the other hand, if the user does not have administrator privileges on the PC, that ransomware will not be installed on the computer.
- Filter, through a proxy, the websites that users can access: If a user can access any site on the Internet, it will only be a matter of time before they have ransomware problems. The Proxi is a device that analyzes whether the website where the user wishes to enter is safe or not, and if it is dangerous, it blocks access to that website.
- Monitor extensions: When the computer gets infected with ransomware, the files start changing their extension for cyber criminals to encrypt them. Due to this, constantly monitoring that the files on the PC do not change their extension is another recommendation. For this, keeping the logs updated is very important.
Over the last few years, many businesses continue to suffer from ransomware attacks. In them, cyber attackers hijack files and information from companies and ask for money to release it. Information is the most valuable asset organizations have, which is why cyber criminals go after it. That is why today it is becoming increasingly important for companies to know how to protect themselves digitally.
