Expanding our global footprint with Ian Thornton Trump as our first CISO in the UK LEARN MORE >

Services

We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.
 

Learn more

Partners

We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story

Resources

Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
June 4, 2019
By: Inversion6

Ransomware: What It Is and How to Prevent It

Ransomware attacks pose a significant threat to multiple industries. Learn more about them and how you can practice ransomware prevention.


Ransomware attacks are on the rise, with high-profile cases including attacks on Cleveland Hopkins Airport and the City of Akron showing just how devastating one of these attacks can be. The recent ransomware attack on Baltimore had widespread, long-lasting implications for both the government organization and individual residents.

But what exactly is ransomware, and why are there so many attacks? 

The term “ransomware” comes from the fact that hackers hold important data captive until payment is provided or another demand is met. Targeting organizations like hospitals, local and regional government, and other businesses, attackers go into a system or network, inject malicious code, encrypt the data, and withhold the key until a ransom is paid.  

Impact of Ransomware Attacks

The focused impact on an individual organization that is attacked can range from thousands to millions of dollars including the cost of the ransom and damages caused by the attack and the recovery.

According to Cybersecurity Ventures, ransomware damage costs are projected to reach $20 billion globally by 2021 — up from $325 million in 2015. The number one target? Healthcare organizations. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021, with damage costs growing more than 57x between 2015 and 2021.

Healthcare organizations and local and regional government organizations (such as municipalities, school districts, etc.) stand to lose a lot if their data is compromised or lost. That’s what makes them a huge target — hackers know that they’ll be desperate and more likely to pay the ransom if the data they steal is vital or the information is inaccessible. It could be literally life and death with healthcare organizations.

Aside from financial implications, daily operations are interrupted when a ransomware attack occurs. Productivity is lost, deadlines are missed, or more importantly, lives are at stake. Consider municipalities and financial organizations whose systems are locked down. People who are buying a house, paying bills, or paying a parking ticket are unable to do so. If hospital systems are compromised, vital data such as charts and insurance approval are inaccessible.

Being Prepared for a Ransomware Attack

Getting out in front of a potential ransomware attack and putting the right systems and policies in place can significantly mitigate the risk. One of the best ways to prepare for an attack is to have multiple backup locations for your data.

Many companies are backing up data to the cloud, believing it to be the safest bet. But any system — including the cloud — that is connected to a business network is at risk once a hacker infiltrates the network.

Though it may seem archaic, offline backups can be a safer solution in this circumstance. Tape, flash, or disk storage are all viable options for physical data backup.

Because offline or physical backups are subject to other threats (such as damage, fire, etc.), it can be better to have multiple backup points. That way, you have an offline copy if your company falls victim to a ransomware attack, and a cloud-based backup if there’s physical damage to a data center.

Another vital step to prepare for ransomware attacks is to educate your team. The whole organization should be aware of what ransomware and other malware risks are, how they could affect your data and your business, and ways to mitigate those risks. Train them on recognizing malicious hacking attempts via suspicious links, emails, or URL-hijacking to reduce the possibility of an employee clicking on or downloading a disguised ransomware attack.

Also, consider implementing a good endpoint security system. Endpoint security is essentially an anti-virus-like protection solution that tries to prevent malicious code from running on your system — and malicious actions from being taken on your system.

Endpoint security ranges from basic antivirus protection and network firewalls to port controls, app controls, deception technology, and more. Now that endpoints are no longer limited to just a desktop computer but rather are expanded to IoT, mobile devices, tablets, etc. (many of which are personal devices that cross into company use), there is more to keep track of and a more robust endpoint security plan necessary to reduce risk.

Finally, have a plan in place if you do end up being attacked. An Incident Response Plan (IRP) can reduce the impact if you train your team on the exact steps to take and in which order.

What to Do in Case of Attack

No matter how many preparatory steps you take, there really is no way to remove 100 percent of the risk for a ransomware attack. But you can lessen the impact should an attack occur.

The IRP mentioned above is your key to reducing the amount of damage a ransomware attack can cause. IRPs not only force you to think through what you need to do after an attack but also lays out steps in clear language that your team can easily follow during crisis mode.

When an attack occurs, it’s common for employees (and leaders) to feel panicked. A documented IRP takes the guesswork out of the plan of action and tells people what to do. It takes the burden off of employees to remember what needs to be done.

If you’ve successfully diversified your data backups, you should not have a complete and total loss. Factor into your IRP how to get vital data accessible again without exposing it to vulnerabilities while the attack is being neutralized.

Many companies will need to issue PR communications to the media to notify the public of the attack, its implications, and, when available, its resolution.

Reach Out for Assistance

Companies don’t always have the luxury of having a robust security team, or even a strong IT team to help with mitigating risk, preparing for potential attacks, or responding appropriately should a ransomware attack occur.

If your team needs expert advice, more information on ransomware risks and vulnerabilities, or help with implementing an IRP, contact Inversion6 for a personalized discussion. Our CISOs for hire can work through the best ways to prepare your organization and lessen the impact of a potential ransomware attack.
 

Post Written By: Inversion6
Inversion6 and our team of CISOs are experts in information security, storage, and networking solutions. We work alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs.

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.

TALK TO AN EXPERT