Read Time: 3 Minutes
This guest article by Martijn Grooten, Editor and Security Researcher at Virus Bulletin, appears in our recent report, The State of Cyber Security 2017.
Despite having a strong interest in current affairs, the only two Finnish politicians I can name, I know for the things they have done in and for other countries. The reason that Finland rarely makes the news isn’t that people don’t care about the Land of a Thousand Lakes; it’s that things in Finland are generally OK.
The same is true in security. Every day, one hears stories of nation states being hacked, websites being taken down through DDoS attacks and businesses being brought to a standstill due to ransomware. These are the stories that motivate any security professional to work hard to make things better.
That shouldn’t stop us from appreciating how many things we are doing right though. Take ransomware, for example, rightly seen by many as the biggest security plague of the moment. Sure, it does affect many individuals and businesses and the stories of libraries being shut down or parents losing all their children’s photos don’t make for happy reading.
But that is only half of the picture. A recent IBM study showed that a little over half of businesses said they had never been affected by ransomware.
Given the opportunistic nature of ransomware, where millions of infection attempts are being made every day, this doesn’t mean those businesses were just lucky. Rather, it showed they did something right.
Unfortunately, especially for the other half of the picture, there is no silver bullet. There is no one thing that makes you invincible to ransomware, just like there isn’t such a thing for any kind of online attack. But there are many things businesses, organisations and individuals can do to mitigate the threat and to seriously decrease the chances of being hit.
Keeping regular backups is a good and important thing do to, as is making sure your software is always patched. Removing unnecessary software and plugins helps a great deal, and of course the usual advice about clicking links and opening attachments applies too.
And then there is security software. Because despite all our good intentions, there’s always this one device we didn’t back up, this plugin that is slightly out of date and that email that really did look important. It would be wrong and dangerous to consider security software as a simple solution that could be replaced by following good practices. As Virus Bulletin and other testers have repeatedly shown, many of these solutions improve security quite a bit, and seriously reduce one’s chances of being faced with that feared pop-up asking for a ransom.
So while we should continue to talk about what went wrong, let’s also focus on what we are doing right. Because that can improve security for everyone.
Read more about ransomware and business security when you download our full report, “The State of Cyber Security 2017.”