According to a Chubb Insurance report, there have already been more instances of ransomware than in all of 2018. The report, titled, “Adapting to the New Realities of Cyber Risks,” was released in the third quarter of 2019. So far, the number of claims Chubb has received for ransomware have increased to 18% from 12% in 2018. It’s not difficult to see that ransomware is still on the rise. In Canada, we have seen a tremendous increase in news reports of ransomware. Consider just this year, Ontario municipalities Woodstock, Stratford and The Nation suffered a ransomware attack. Three Ontario hospitals (Listowel and Wingham, ON and Toronto East General Hospital (now Michael Garron Hospital)) have also suffered ransomware attacks. In the U.S., many major cities have had their civic governments shut down due to ransomware. Some, like Riviera Beach, have elected to pay a staggering ransom. While ransomware is increasing, it is also becoming much more sophisticated. And hackers are asking for even more money. As Chubb North America financial lines claims vice-president and cyber lead Anthony Dolce says, “As bad actors are continuously changing their attack techniques and increasing the complexity of the ransomware, it’s imperative to implement multiple layers of preventative measures to mitigate potential incidents and ensure a reaction plan is in place if an attack occurs.” The Chubb report also mentions how some demands are now in the 6 to 7 figure range. It just makes sense to do all you can to protect yourself from an attack. And if you think your business is too small to be a target: The Chubb report states that Ransomware accounts for 23% of cyber claims for smaller businesses (with revenue less than US$25 million) in 2019. How should any business protect themselves from ransomware? Here are four areas of focus that can help with prevention or recovery from ransomware.
- Investing in a trusted security solution and partner. Detection and removal of malware is essential not only to protect your business, but also to prevent these threats from spreading further. For organizations that need help, a Managed Security Services Provider can help manage this process for your organization.
- Make regular backups of files. While backups in the cloud are good, physical backups stored outside your network are less likely to be reached. Automated online backups could be affected by cyber attacks; criminals have a stake in overwriting them or making them inaccessible. In addition, having backup media that are not rewritable or reusable can be beneficial. If you can’t change what’s written there, criminals can’t either. Check that your backup works correctly and that your media are still readable. Make sure backups are saved.
- Cyber security Awareness training for staff. Organizations invest in security technologies, however, far fewer investments are made in employees. Security Awareness Training is key to making your employees your greatest asset. Most ransomware gets into an organization through some type of phishing email. Teaching employees how to spot a potential scam could be the difference between prevention and recovery.
- Your organization should already have in place a process in case of a cyberattack. Remember that apart from the direct impact on your business, a security breach can affect your customers’ trust. Communication strategies should be included in your planning, in addition to other measures you should put in place following an attack. A service, such as Uzado’s BRaaS (Breach Readiness as a Service) is such a service that can help prepare, plan and strategize for a potential cyber-attack. If you have followed point 2 above, luckily you will at least have back-ups available to help restore your network and at won’t have to pay a ransom.