According to CNN Business, there were 140 ransomware attacks on local governments, schools and hospitals from January 2019 through October. The increase in ransomware this year is likely connected to the increase in payouts. It makes perfect sense that a cybercriminal will go after the lowest-hanging fruit, and if there has been a trend of cyber-insured companies paying ransomware demands, then it is no surprise that these attackers will start to target companies with cyber insurance. Still, you are better off being insured, but what can you do? Furthermore, why are companies paying the ransomware demands?
Fuel To The Fire
It's simple to understand why it is easier to pay the attacker for the decryption key. It is often more cost-effective than bearing the costs of experts, lawyers, overtime pay for employees, public relations crisis management and the downtime spent recovering files from backups. Paying the ransom is most likely more cost-effective, especially if the victim is insured and only required to pay the deductible rather than the full ransom amount. This logic makes sense, but it is fuel to the fire.
You may wonder why an insurer would knowingly pay out when fraud is involved, but sometimes it is the best solution when weighing the consequences. The same idea applies to other types of fraudulent claims. Many times it is cheaper to pay a claim and settle out of court, even when it seems to be fraud, than to investigate and spend expensive manpower fighting it. If cybercriminals are catching on and starting to target those who have cyber insurance, then what can be done?
Increase Your Cybersecurity Efforts
To stay a step ahead of the attackers, you must be vigilant. In the past, cybersecurity often consisted of finding and remediating threats, but many companies were not taking time to prevent them. Reduce your attack surface and prevent both known and unknown threats. There are a few ways to do this.
- Maintaining full visibility and limiting access is a good start. Only enable applications that are necessary and useful for your company. Have an expert perform an IT Security Controls Audit.
- Update software and operating systems with the latest patches. As easy and obvious as this sounds, you'd be surprised how often updates and patches get postponed during busy times.
- Back up data regularly. You can rest assured that if something goes wrong, you are prepared and will not suffer a total loss.
- Educate your employees to never click on links or open attachments in unsolicited emails, and to practice safe internet behaviors. There are a few ways to go about this. Phishing simulators, ongoing security awareness training and open communication in an environment where employees feel safe being transparent about their mistakes are crucial.
- Block dangerous file types and scan your system for known malware or vulnerabilities.
Overall, you may not be able to stop attackers from trying to hit your company with ransomware, but you can be prepared and have a strong, holistic cybersecurity plan in place. If your employees are well trained and educated, you will have better protection. Finally, organizations are starting to realize that security involves many facets and that it is EVERYONE's role in the company to protect against attackers.