Solid endpoint protection is a bare minimum
If it feels like new breaches are reported every week, it’s because they are. Attackers are taking no prisoners and are successfully breaking into businesses, political organisations and systems belonging to individuals. Most believe they have solid endpoint protection in place.
It’s not like a bank robbery, where the bad guys have to spend lots of time and effort to put themselves at physical risk for the sake of one big score. Ransomware extortions can happen in parallel. Criminals sit in front of screens watching piles of victims become compromised.
Digital ransoms follow different rules
Ransomware attackers can wait as long as they want, in direct contrast to kidnappers in the physical world. Those criminals want to conclude the ransom payment as quickly as possible. In his book Never Split The Difference: Negotiating As If Your Life Depended On It, the ex-FBI author Chris Voss talks about handling kidnappers and pirates. There are some interesting insights, including the observation that they often become more amenable to lower ransom sums closer to the weekend. They want to finish the job, relax and party.
This does not apply to digital crooks, who can scale their attacks to a different level. They are also far less likely to be caught or shot, so they can relax and watch the money come rolling in over days, weeks and months.
Backup isn’t enough
Backups are important but, as we noted recently, they are not always the perfect solution. Recent attackers have been deleting backups. It is possible to damage offline backups held securely on tape, as we discussed in our article. You can’t rely on just one type of security solution. However, having solid endpoint protection in place is one of a few bare-minimum measures you need to take.
Other essential measures include updating your software, deploying multi-factor authentication and using strong passwords. None of these solutions costs much money, and all are relatively easy to build into your organisation or personal routine.
Most of the products in this report are excellent at providing a much-needed level of protection on personal and business computers. We recommend you read through the results in detail. Consider how confident you are that your current choice stands up against real-world security threats.