CompTIAWorld | FALL 2017 36 Rob Rae, vice president of business development for Datto, Inc., a CompTIA Premier Member, says, above else, do not pay the ransom. “Companies should be investing in protection instead of paying the ransom,” said Rae, also vice chair of CompTIA’s Vendor Advisory Council. “Once you’re infected, you’ve downloaded the software onto your system. Paying the ransom doesn’t remove the software – and it could very well happen again.” Ransomware is a term for the many variations of malware that infect computer systems, typically by social engineering schemes. Ransomware sometimes marks the files for permanent deletion or publication on the internet. The perpetrators then demand a payment, usually in untraceable cryptocurrency like Bitcoin, for the private key required to decrypt and access the files. Datto’s research shows that the average ransom requested is typically between $500 and $2,000, but 10 percent of managed service providers report the ransom average to be greater than $5,000. But it’s not just the money companies are losing – they’re losing time as well. The downtime following an attack can be crippling. While Rae’s proactive approach to fighting ransomware is ideal, not every company is taking preventative matters into their own hands. CompTIA’s The Evolution of Security Skills research shows that while organizations are acknowledging the importance of security, they are coming up short in readiness. “Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” said Seth Robinson, senior director, technology analysis, CompTIA. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.” It’s a plotline that’s applicable to any business in any market. The SMB Story On the big screen, the villain usually gets a good dose of karma in the end. But, the forces behind cyber-threats like ransomware are unknown – and that poses a huge problem. One of the challenges for organizations is that they tend to place the greatest emphasis on the cyber-threats they understand the best. Malware and viruses, two of the oldest forms of cyber-attacks, typically get the most attention. Meanwhile, CompTIA’s research shows that most companies are only slightly concerned that they would be the target of something else – like a dedicated denial of service, social engineering, Internet of Things-based attack, SQL injections or ransomware. “We’re seeing significant growing threats to small businesses today,” Rae says. “The press covers larger stories about data being lost so small businesses may not think they are risk. But in essence small businesses are even more at risk because they don’t spend as much on security and may not be thinking about their vulnerabilities.” According to Rae, ransomware is the biggest threat in the SMB space right now. When Hollywood puts a wealthy business mogul together with a kidnapping and a ransom demand they have a tried and true formula for a hit action movie. But, in the IT world, the hostage is valuable data, the villain wants your money and the victim is often a small business. Ransomware is the threat of the moment. The question is: What should you do when you find your business infected? “...above all else, do not pay the ransom.” – Rob Rae