With cyber-crime on the rise and new threats constantly emerging, managing cyber risks can seem difficult. In both ransomware and cyber-extortion attacks, criminals access and hold company data, usually with the intent of making money from the company it was stolen from.
Take a look at the image below to see the key differences between ransomware and cyber-extortion:
What is ransomware?
Ransomware is a type of software designed to cause harm to a computer, server, or network, and is used by cybercriminals to obtain data for financial gain. The attacker demands payment from the victim to restore access to the information held to ransom. Payment can be demanded in any amount and in any currency, including cryptocurrency.
How do they get access?
One way is phishing, a technique for attempting to access sensitive data. Attackers may do this by sending convincing emails that appear to come from legitimate businesses or people, to encourage you to open harmful links. If the person receiving the email thinks it is genuine, they may fall victim: the harmful software is downloaded and executed on their computer, and the attacker can then access sensitive data.
The Latest Phishing Statistics, AAG: “Phishing is the main delivery method for ransomware. A 2022 study of 1400 organisations found that of the 26% that had experienced a ‘significant’ increase in the number of email threats received in the last year, 88% were victimised by ransomware. Compared with the 65% that experienced ransomware without such an increase in the number of email threats, we can see the dangerous link between these two attack types.”
How can you prevent ransomware attacks?
By following the simple mnemonic ‘SLAM’, you can help protect your organisation from an email phishing attack:
S – Sender of the email
L – Links in the email body
A – Attachments to the email
M – Message for the communication
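The four SLAM areas as an automated mail-triage check, added here as an example (it is not Nourish's own tooling). The page names only the four areas, so the specific test behind each letter, the `RISKY_EXT` and `URGENCY` lists and the `trusted` domain set are assumptions, and the sample message is constructed on reserved example domains.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed heuristics for this example; tune both lists to your own mail flow.
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm")
URGENCY = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
ANCHOR = re.compile(r'<a\b[^>]*\bhref=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Lower-cased host of a URL, or the domain part of an e-mail address."""
    if "://" in value:
        return (urlparse(value.strip()).hostname or "").lower()
    return value.rpartition("@")[2].lower()

def slam(msg, trusted):
    """Return findings keyed by SLAM letter for one parsed EmailMessage."""
    out = {"S": [], "L": [], "A": [], "M": []}
    sender, reply = (parseaddr(msg.get(h, ""))[1] for h in ("From", "Reply-To"))
    if host(sender) not in trusted:
        out["S"].append("untrusted sender domain " + host(sender))
    if reply and host(reply) != host(sender):
        out["S"].append("Reply-To goes to " + host(reply))
    if URGENCY.search(msg.get("Subject", "")):
        out["M"].append("pressure wording in subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            out["A"].append("risky attachment " + name)
        elif part.get_content_type() == "text/html":
            for href, text in ANCHOR.findall(part.get_content()):
                # Visible text that is itself a URL should match where the link goes.
                if "://" in text and host(text) != host(href):
                    out["L"].append(f"link shows {host(text)} but opens {host(href)}")
    return out

def constructed_sample():
    """Constructed message on reserved example domains; not real mail."""
    m = EmailMessage()
    m["From"] = "IT Support <support@example.net>"
    m["Reply-To"] = "helpdesk@example.com"
    m["Subject"] = "Urgent: mailbox will be suspended"
    m.set_content('<a href="http://login.example.net/reset">https://portal.example.org</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="Invoice.docm")
    return m

if __name__ == "__main__":
    print(slam(constructed_sample(), trusted={"example.org"}))
```

An empty list under every letter means none of these heuristics fired, not that the message is safe; findings are prompts for a person to look at the sender, links, attachments and message before acting.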
The Latest Phishing Statistics, AAG: “An estimated 3.4 billion spam emails are sent every day. Over 48% of emails sent in 2022 were spam.”
Take a look at the image below to view some ways to spot a phishing email. Read more about how to protect your organisation from phishing emails here.
How does Nourish try to protect from the risk of ransomware attacks?
Our ISO27001 certification enables us to become risk-aware as we are required to thoroughly consider risks and have stringent plans in place to mitigate them. Our primary aim is to maintain the confidentiality, integrity and availability of data at all times. By remaining informed about any new changes to cyber security and making good use of any additional technical or security measures, we can reduce the likelihood of these risks occurring.
Jess Osmond, Head of Legal and Compliance: “Cyber attacks and phishing attempts are prevalent and constantly evolving in an attempt to catch people out. At Nourish we remain risk-aware and have processes in place to reduce the likelihood of these risks occurring. We encourage our customers and partners to talk to us about keeping data safe and utilising tools such as the DSPT.”
By using a business continuity plan, Nourish aims to take actions to mitigate the effects of any unforeseen or unexpected events, including a cyber or ransomware attack. We encourage all organisations to implement their own business continuity plan, and we can help with our advice and our business continuity guidance template for customers.
You can read more about Nourish’s security management here.