Middle-Market Beware: Ransomware Isn’t Just for Enterprises

Ransomware is used by hackers as a form of cyberwarfare, for personal financial gain, or for activism. This was recently portrayed in the season premiere of Mr. Robot, in which a hugely powerful company was publicly humiliated by such an attack.

It’s a potential scenario that keeps enterprise tech executives up at night – I’m sure more than a few CTOs and CISOs had a hard time sleeping after watching this episode, even though it is fictional. However, middle-market tech executives tend to be less worried.

It’s not that they don’t think about it; they just assume a hacker is less likely to target a smaller organization with less revenue and fewer valuable assets. This assumption is exactly why they are more vulnerable.

Middle-market ransomware attacks

While middle-market ransomware attacks do not usually make the news, they do happen. Some middle-market organizations are even more enticing targets than large enterprises. For example, a mid-sized legal firm that heavily relies on files for its revenue might have limited resources and less effective security and backup systems in place.

This is an easy payday for a hacker – the target is easy to penetrate, the tech team will be overloaded, and the firm can’t afford not to pay because the alternative would result in losing all of its business.

Mid-market companies can’t rely on hiding in the crowd and being anonymous. Ransomware is a generic, massively scalable attack that acts the same in any organization. It uses malicious email messages or compromised websites to generically infect as many users as possible, and then it runs generic crime logic to encrypt data. The result is devastating to a company of any size.

What should mid-size businesses do?

To fight an enterprise problem, you need enterprise security capabilities. Advanced security technologies are becoming more affordable and accessible for mid-size companies. When evaluating your options, consider that there are multiple ways to stop ransomware. To help prevent attacks, you’ll want a tool that can:

  • Detect malicious email attachments before they are opened
  • Alert users about malicious websites before they are able to navigate to them
  • Identify malicious files before they are downloaded

Once an attack takes place, your last line of defense is to block the ransomware from connecting to its C2 (command and control) server, which it contacts to generate the encryption key and deliver the public key to the targeted machine. If you have technology in place to detect the outbound key request and stop it, you can prevent the encryption from taking place.
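The outbound check described above can be sketched as an egress policy run over proxy logs. This is an added example, not code from the article or from any vendor; the log format, host names, domain lists and function names are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed policy data (placeholders, not real indicators).
BLOCKLIST = {"badsite.example"}             # threat-intel domains
ALLOWLIST = {"example.com", "example.net"}  # sanctioned destinations

# Constructed proxy log; assumed format: timestamp source-host method url
SAMPLE_LOG = """\
2024-05-01T09:14:02Z ws-042 GET https://intranet.example.com/wiki
2024-05-01T09:14:07Z ws-042 POST http://203.0.113.77/register
2024-05-01T09:14:09Z ws-017 GET https://updates.example.net/agent.msi
2024-05-01T09:14:10Z ws-017 GET https://cdn.unknown.example/lib.js
2024-05-01T09:14:11Z ws-042 POST https://keys.badsite.example/register
"""

def _matches(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def decide(url):
    """Return (verdict, reason) for one outbound request."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "block", "raw IP destination"
    except ValueError:
        pass  # not an IP literal; fall through to name-based checks
    if _matches(host, BLOCKLIST):
        return "block", "threat-intel match"
    if _matches(host, ALLOWLIST):
        return "allow", "sanctioned destination"
    return "alert", "unknown destination"

def evaluate(log_text):
    """Return (blocked events, hosts to isolate) for a whole log."""
    blocked, isolate = [], set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, _method, url = parts
        verdict, reason = decide(url)
        if verdict == "block":
            blocked.append((ts, src, url, reason))
            isolate.add(src)  # a blocked request marks the endpoint for triage
    return blocked, isolate
```

Ransomware that ships with an embedded public key never makes this request, so an egress check like this complements the backup systems mentioned earlier rather than replacing them.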

Ransomware is only going to get more advanced and persistent as hackers become increasingly sophisticated. It also doesn’t help that ransomware is gaining popularity as a go-to storyline in Hollywood, which only makes it more glamorous in the eyes of a hacker. Mid-size companies are not immune to the threat.

Don’t be an easy target because you think it can’t happen to you or that you can’t afford the necessary defenses. Arm your organization with enterprise-grade security capabilities so that you are protected if an attack takes place at your mid-size organization.

Author Bio:

Ofir Agasi is Director of Product Marketing at Cato Networks with over 12 years of network security expertise in systems engineering, product management, and research and development. Prior to Cato Networks, Ofir was a product manager at Check Point Software Technologies, where he led mobile security, cloud security, remote access and data protection product lines. Ofir holds a B.Sc. degree in Communication Systems Engineering.
