Malware attacks: Ransomware infection at the weakest point

Earlier this year, a hospital in Kentucky declared an “Internal State of Emergency” because of an email-based cyber-attack that saw many of its crucial files encrypted by a malware attachment. The perpetrators demanded payment to unlock the data, and the hospital had to revert to a paper-based system while its IT staff worked with the FBI to solve the problem. This sort of malware attack is becoming more and more common.

This hospital’s misfortune was not an isolated case – two medical centers in California were infected during the same week in similar ways.

Ransomware attacks are happening with increasing frequency, and are a cause of concern for any organization that uses networks, email, and internet connectivity. In other words, everyone. These incidents demonstrate just how easy it can be to bring a major institution to its knees.

Malware, unfortunately, is a reality of modern commerce

Whether we work in the public or private sector, large or small scale, whether we sell auto parts or medical expertise, we are all tied together, using global network resources that touch almost every point on the planet, and connect everyone together.

Ransomware attacks are launched from inside an organization when an unsuspecting individual receives an email that includes two components. The first is a manipulative element of fear or surprise and the second is an attachment that carries an executable virus. When an employee reads an email that includes an invoice statement, or an urgent notice about a frozen bank account with a “click here” link, there is little time for thought. The attachment is opened, and the  digital invasion begins.

Companies spend billions annually on IT and data security to avoid a data breach. Sophisticated tools keep track of weaknesses and intrusions in a perpetual game of cat and mouse with black hat organizations that could be lurking around the corner or on another continent. But, one factor is often overlooked in even the most secure of businesses: the time-challenged human worker.

Most employees, whether they work behind a desk, on a shop floor, or on the road, generally feel overburdened. Emails pour in, and the expectation is that they should be answered immediately whether from a desktop or a smartphone – making them prime victims of a malware attack.

Acting without thinking is the culprit. To act without thinking means reacting reflexively with no opportunity to stop and ask “why am I doing this?” or “is this legitimate?”

These sinister emails simply appear as one part of a never-ending inbox queue. The pressure to answer them quickly and get back to real work means people cast judgment aside, and that is where the trouble is rooted.

The future of commerce depends on the ability of people to stay alert and street-smart

This is about staying conscious of your environment and not falling prey to careless reactionism. It demands processes and procedures where employees move systematically from task to task with adequate time to take a breath. It requires time management and team management skills that support and encourage mindfulness.

Such a climate is not a “nice to have” but a “must have.” And, it translates directly into a technology requirement because the result of a calm mindset in place of a distracted one may mean the difference between an IT system or commerce platform that is working properly, and one that falls unintentionally into crisis.

Ransomware might be the creation of an outside force, but in many cases, it is released into a system through the actions of someone on the inside. Proactively training your staff members to slow down and think things through is relatively inexpensive and easy.