You wake up every day, work hard to provide your customers what they need and desire. You spent years struggling to create and develop your business, enjoyed successes and failures and your persistence has allowed you to build a great organization. Congratulations are in order as you have built a successful business! Then one day you wake up, head into the office, and log in and receive the following. “Your computer has been infected with a virus!!! All your files have been encrypted. You must pay this ransom within 72 hours to regain access to your data.” Your first thought is what the heck is this, it must be a joke. Nearly at the same time your IT provider or in-house Director of IT is on your phone screaming your company has fallen victim to a Ransomware attack.
Your next thoughts are how did this happen and why your company, you’re not even a large organization. One of the largest misconceptions is hackers only target large businesses. This is of course very false. IN fact, in today’s cyberspace environment hackers are targeting small business at an alarming rate. And why wouldn’t they? Many small to medium sized business are ill prepared and therefore represent perfect targets. Also, given the powerful hacking tools that are available today almost anyone with the knowledge and experience can be a cyber thief, its simply gone beyond rogue state actors and gangs of cyber criminals.
The facts are small businesses often have valuable sensitive data. The data does not need to be valuable to the hacker, only to you and your business. In the Northern Virginia area there are thousands of government contractors that are small businesses and have valuable information for our adversaries. Hackers are looking for customer information, employee data, trade secrets, and industry specific data. Ransomware attackers are looking for both money from you and your information. The scary reality is there is no guarantee that once you pay the ransom your will get anything in return.
Ransomware cyber thieves have also changed their tactics with regards to ransom amounts. They know that small to medium sized businesses generally do not have large sums of money to payout, so they are increasing asking for less. A general trend is to request ransom amounts that are percentage of your annual sales. In other words, cyber criminals are essentially attempting to make the ransom an amount that is possible for a business to pay and one that seems to be easier and quicker than calling in the experts to try and obtain your information and systems back under your control. How much would you pay?
After spending the day scouring through all your systems your IT professionals call you back with a status, they want $100,000 and the initial assessment is it could take weeks maybe even as long as a month to get access to your systems and information! In addition to recovery and rebuilding costs, there most likely will be legal costs, insurance costs, incident response costs. Not to mention the most important cost of reputation. Now what?
The fact is this probably never needed to happen. Many small businesses believe investing in cybersecurity is expensive and therefore go at risk. While it is true that small businesses have limited funding, effective cybersecurity protection is not expensive, and it is tremendously less expensive then enduring a data breach and the recovery of your systems and information. The investment is certainly worthwhile considering the loss to your IT infrastructure and revenue, and the damage to your business reputation.
Give us a call and let us guide you through establishing a cost-effective cybersecurity framework that limits the possibility of ruining your day!
Ken Runkles
Managing Partner
Innovation Orange, LLC
(540) 999-4373
Innovation Orange, LLC is a Small Business Administration certified HUBZone company that specializes in providing technology solutions such as network design and operations, is a Managed Services Provider and specializes in Cybersecurity solutions for businesses and government agencies