Ransomware is by far and away the fastest growing attack method
in cybercrime. It’s a trend that has only continued in 2019, with a serious
uptick in the number of ransomware incidents and insurance claims in just the
last couple of months.As the volume and efficacy of attacks continue on an upward
trajectory, another trend has emerged: more and more victims are paying the
ransoms.Evolution of
Ransomware
A few years ago, if a company was locked out of its data by
hackers, it wasn’t necessarily inclined to pay the ransom demand. That’s
because there used to a “silver bullet,” in that if the company was doing
regular backups of its systems, it could restore its data.However, malware sophistication is outpacing our defenses.
Among the emerging advancements in ransomware is the use of command-and-control
bots, used to not only encrypt data, but also navigate through computer systems,
steal credentials and gain access to system administrator accounts. This
complex malware gets hackers into the production environment as well as the
backup system to deploy the ransomware encryption. With today’s malware, there’s
no longer a perfect mitigating control.As a result, more and more victims end up paying the ransom.We saw this recently in a rash of attacks
on municipal governments. In June, Lake City, Florida had its entire
records database —100 years’ worth of official records — ransomed by hackers
who demanded over $460,000 to restore access to the city’s encrypted computer
system. With no good options, the city paid. Other small, medium and large
cities have been recent victims of ransomware attacks, from Baltimore to
Jackson County, Georgia.Timing is Critical Ransoms are insurable under cyber policies, as are other
costs associated with an attack, such as forensic investigative expenses,
remediation costs and business interruption losses. How your cyber policy is
written can have a big impact on the outcome and timing is a critical consideration.While a cyber policy may cover the ransom, there can be some
delays in paying out the demand. How is your policy worded when it comes to
approving ransoms? How long will it take to get the go-ahead? How much
experience does your carrier have in handling ransomware incidents? The longer
the delay, the greater the costs.Additionally, most cyber criminals demand payment in cryptocurrency
such as bitcoin. However, most insurance carriers (as well as most people,
businesses and government entities) don’t have easy access to cryptocurrency. Some
cyber insurers have vendors on retainer who can access bitcoin quickly. This is
important because if a network is down two or three days and part of the delay
is waiting to get approval and bitcoin payment from the insurance company, it
can create reputational damage.Steps to Mitigate
DamagesEvery enterprise, public or private, of every size and
industry, is susceptible to ransomware incidents. While there’s not much in the
way of technology or risk management that can be done to effectively eliminate
the risk of a ransomware attack, there are a few things you can do to mitigate
damages:
Check your
policy. There’s value in working with your insurance broker to make sure
your policy is well-crafted and that ransom demands will be approved and paid
expeditiously.
Employee
training. In the majority of cases, bad actors are able to gain access to a
system and deploy ransomware because of human error. An employee clicks a link,
opens an attachment, downloads a file, or unwittingly gives away credentials. Train
your workforce so that they’re able to spot red flags.
Have a
post-attack plan. Make sure you have a business continuity plan and an
awareness around what key systems are needed to keep your business up-and-running
so you can continue to serve your customers.
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news