This is a guest column by Paul Lipman, CEO of Total Defense, a provider of cloud-based security solutions.

The occurrence of ransomware in the cyber-crime arena has
become disturbingly more common. In fact, the Total Defense Research Team has
seen a 200% increase in ransomware infections in the last few months alone.
This surge has even led to the FBI issuing a warning out of the Washington
Field Office on the topic.

Leveraging
both system and human vulnerabilities, ransomware attackers are gaining access
to machines and maliciously encrypting data and demanding a ransom paid to the creator of the
malware in order for this data to be restored. Due to the fact that ransom must
be paid in anonymous Bitcoin currency, this particular cybercrime is almost
impossible to remedy once committed and has quickly become the method of choice
for cyber smash-and-grab thieves.

Consider
a system that houses critical financial data, customer information, development
code, or even simply important business documents and presentations. The inability to access those files,
while initially a nuisance, could quickly escalate into a business catastrophe.

While
this may sound like a perfect attack method to enable large-scale financial pilfering
and corporate espionage, this malware does not discriminate — the perpetrators
are going forward with a dragnet type of approach, targeting any unsuspecting
victim, regardless of company, role, or affiliation. In the corporate setting,
this means all users are targets. But as large enterprises continue to invest in complex,
multi-layered security in response to the daily onslaught of attacks like
ransomware, the small and medium enterprise (SME) segment continues to be the
weak and easy prey, the “soft targets” that attackers enjoy the most.

Don’t miss: IT Security in the Snowden Era (TechRepublic/ZDNet Special Feature)

How did we get here?

Many SMEs
operate under a sense of denial when it comes to security — they consider themselves
too small a target for would-be cyber attacks. When compounded with the fact
that they often don’t have a dedicated IT/security department, this creates a
situation where assets and data are unduly put at risk.  

According to the Ponemon Institute (PDF), “The chances of an organization being hacked in a
12-month period is a statistical certainty and businesses of every type and
sizes are vulnerable to attacks.” It seems logical that your odds of being
hacked increase as the breadth of your security decreases, which is often the
situation SME’s find themselves in.

An attack
on one SME might not deliver the same gains as a Fortune 500 financial
services company, but given the greater ease through which hackers can attack SMEs,
the volume-based approach employed by the cyber thieves highlights the risk to
the lesser-protected. 

When “everywhere” is your office

Given
the continued blurring of the network perimeter with mobile devices traveling
in and out of the corporate setting, what little protection that is provided
often disappears the moment the device — most often a company-owned laptop or
tablet — leaves the building.

Mobile employees often connect to
the Internet from a café, hotel, or airport Wi-Fi. Surfing the web or opening
an email containing a malicious attachment, their machine can be inadvertently infected
with ransomware (or any malware for that matter). Unaware of the infection,
they bring the laptop back into the office, at which point the ransomware
spiders out across all connected network drives and infects the entire network,
putting the business at risk of catastrophic impact.

As you
can see from this all-too-real example, it really doesn’t matter how much
security technology the company has protecting its network: In today’s world
the endpoint device has become the weakest link in the perimeter — requiring a
different approach to security.

What can SMEs do? Look to the cloud.

Traditional
network-based security solutions such as firewalls, UTMs, and gateway filters
are simply no longer sufficient protection in today’s increasingly “perimeter-less”
world. Today’s business environment demands real-time protection that can keep
users continuously protected, regardless of their location. This doesn’t
necessarily always mean costly, complex security.

Thankfully
for SMEs, there are innovative security solutions available that can be
deployed via the cloud. As it has done for other IT functions, the cloud has
created security advantages for organizations, especially for SMEs. These
advantages include:

  • Persistent
    coverage for the protected user — at home, at an airport, at Starbucks — ensuring
    that malware such as ransomware doesn’t make its way on to systems, putting critical
    company data at risk. 
  • Updates
    without impact to end users or machine availability. 
  • A
    reduced capital and operational expenses, which is increasingly important to
    SMEs and state and local governments. 

Final thoughts

While the recent spates of
ransomware attacks don’t necessarily target SMEs, they might be the most susceptible. However,
they don’t have to be.