If your dealership gets hit with a ransomware attack, should you pay the ransom? The answer is no. According to a recent Emsisoft report, one-third of U.S. companies that have experienced a ransomware incident have paid the ransom. This is unfortunate, because paying the ransom encourages continued attacks.
Additionally, you have no idea what cybercriminals have inserted into your data, and paying the ransom doesn’t guarantee that your data will be fully restored.
A recent and disturbing trend is that cybercriminals are demanding ransom for data they exfiltrate after breaching a company’s system. We all know a data breach is a serious and expensive issue that destroys consumer trust. But the fact is, once that data is exfiltrated, your dealership has already experienced a breach. Paying a ransom to get the data back doesn’t change that.
But if you don’t pay the ransom, how do you get your data and files back, and all systems running again? Restoring from back-ups might not be possible if your dealership only has 30-day backup retention. This is because when ransomware infects your network, it lies dormant for a period of weeks. Back-ups of your data performed during this period also backup the ransomware. Once the ransomware is activated, your most recent backups will also be locked down, so you can’t restore your data.
If restoring your data isn’t possible and paying the ransom isn’t recommended, what are your options? The ONLY option is to proactively prepare yourself for a ransomware attack. It’s not a matter of if it will happen, it’s a matter of when. According to Cybersecurity Ventures, by 2021 ransomware attacks on U.S. businesses will occur once every 11 seconds.
The High Cost of Ransomware
The average ransomware demand is now $84,000, according to a recent Coveware Ransomware Marketplace report. The larger the company, the higher the ransom is, with ranges from as low as $1,500 for small businesses to $780,000 for large enterprises.
Cybercriminals are getting greedy. The $84,000 amount reported in Q4 2019 is a 104% spike from the $41,000 average ransom payment that was reported in Q3 2019, according to the report.
In addition to the ransom payment, the average downtime a business experiences due to a ransomware attack is 16 days. Plus remediation costs, which most likely includes upgrading software and hardware.
Can your dealership afford to pay out hundreds of thousands of dollars and cease business activity for two weeks?
How to Protect Your Dealership
Fortunately, you can reduce the likelihood of a ransomware attack and make remediation a whole lot less expensive, with just a few best practices.
1) 90-day backup retention
Most dealers back up their data, but typically back-ups are stored for a period of seven to 30 days. Cybercriminals count on you not having good backups. We recommend back up retention of 90 days. Also, all backups should be stored in a separate location that’s not connected to your computer network. Backing up to the cloud is more secure than backing up to an internal server.
2) Security awareness training
In dealerships, the most common way that ransomware infiltrates the system is when employees click on links or attachments in phishing emails. The best way to prevent this behavior is with training.
Security awareness training is inexpensive and delivers a high ROI. Prior to security awareness training, in an average business 27% of employees open phishing emails. After 90 days of training, the risk drops to 13% and after one year of training, the risk drops to just 2%.
Security awareness training products use a simulated phishing attack to assess the percentage of employees that click on a phishing link. Recently in one dealership, 87% of employees clicked on the initial simulated phishing email!
Employees are then educated with videos, online games and training modules. Monthly phishing tests measure progress.
3) Hardware and software updates
It’s critically important to keep your security updates current on both hardware and software. Some dealers are using computer equipment that’s no longer supported by the manufacturer. This practice sends a wide-open invitation to cybercriminals.
One example of this is Windows 10. Many dealers have still not upgraded from Windows 7 OS, which is no longer being supported by Microsoft. Staying on the most current technology ensures that your system is protected by the latest security updates.
4) Cloud based, anti-virus/anti-malware protection
On a typical day, dealerships are bombarded with hundreds of spam emails and viruses, but most of these are blocked with anti-virus/anti-malware technology. Using cloud-based protection is better than installing programs at the PC level, because cloud-based versions are easier to manage and always stay updated.
Ransomware is a serious and growing threat, but it only takes a few best practices to ensure that even if it does happen to your dealership, it won’t be a serious disruption to your finances or business operations.