What Businesses Can Do to Prevent Ransomware Attacks and Limit Their ImpactRisk Management
Table of Contents
- Why Are Ransomware Attacks on the Rise?
- Taking Steps to Prevent Ransomware Attacks
- Responding to a Ransomware Attack
- Protecting Your Business with Cyber Liability Insurance
The threat of cyber attacks is a risk that truly affects every single business, regardless of size, industry, or geographic location. Another irrefutable fact is that the frequency and cost of cybercrimes are both constantly on the rise.
Of the many types of cyber attacks that exist and can cause severe damage to your business (both financially and reputationally), malware has emerged as the most common. Malware literally means “malicious software.” When using malware as the attack method, cybercriminals attempt to install a program or file onto your computer network that’s designed to create some type of problem for your network and your company.
And while there are many types of malware, ransomware has recently emerged as the most popular in the world of cybercrime. According to the 2021 IBM X-Force Threat Intelligence Index, ransomware comprised 23% of all cyber attacks on businesses, making it the number one threat.
It’s called “ransomware” because its goal is literally to block or capture your system, device, or even an important file, and not give it back to you until you have paid a ransom. It can “capture” your important data in a variety of ways; threatening to erase files or data, blocking access to your system completely, or encrypting files so that you can’t use them.
Cybercriminals understand how valuable data is to businesses, especially if it’s personal customer data such as credit card or Social Security numbers.
That’s why ransomware is so popular with cybercriminals; because it increases their chances of getting paid. Why go through the painstaking planning that’s involved in trying to steal directly from company accounts when you can take their data hostage and ask them to pay you for it?
Why Are Ransomware Attacks on the Rise?
According to a recent report by VMware Carbon Black, ransomware attacks have increased by 148% since the onset of the COVID-19 pandemic and the ensuing increase in remote working.
Not only is the frequency of ransomware attacks on businesses increasing, so are the ransom prices. The National Security Institute reported that the average ransom fee requested has jumped from $5,000 in 2018 to $200,000 in 2020.
Obviously, the new work-from-home mandates have helped cybercriminals infiltrate computer systems. When working from home, employees are no longer protected by the systems and protocols established in-office to help protect them from such attacks.
Employees often lack the training they need to keep their computers safe at home. From basics such as only accessing work data via company computers or making sure that their routers are secure to other more advanced recommendations, employers need to do a better job of educating staff in order to properly adjust to the “new reality” of working from home.
But it’s also very important to note that cybercriminals are getting more sophisticated each year, as are the methods they use to spread ransomware. One example of this is the way a malicious email looks today when you receive it.
Several years ago, a malicious email was easier to spot. It was rife with spelling errors, shaky narratives, and strange email addresses. Cybercriminals have recently polished up their approach to email attacks, making them almost indistinguishable from an email you would receive from your boss in terms of look, structure, and content. This has made social engineering and phishing attacks especially effective in recent years.
The COVID-19 outbreak has also enabled cybercriminals to use the fear of the virus to their advantage, creating sophisticated email schemes posing as representatives from the Center for Disease Control and Prevention (CDC) or World Health Organization (WHO).
It’s, then, no surprise that according to a recent survey, 45% of employees admitted they often click an email they consider to be suspicious “just in case it’s important.”
Taking Steps to Prevent Ransomware Attacks
Now that we’ve established that ransomware and malware, in general, pose tremendous risks to the safety of your business’s data, let’s take a look at what companies can do to defend themselves from these risks in an effort to prevent ransomware attacks from infiltrating their systems.
Educate and Train Your Staff
In terms of prevention, there is no step more important than educating and training your staff. Ideally, you want your staff to be very aware of the threat of ransomware; knowing how to spot it and knowing what to do and who to contact if they notice something suspicious.
Staff training regarding cybersecurity should be installed as a part of your onboarding process and these training sessions should be repeated and updated on a regular basis in order to keep your employees vigilant and constantly remind them of the importance of these efforts.
Most ransomware attacks are directed specifically at staff via email, making them your first and most important line of defense.
Establish Plans and Protocols
Ransomware attacks have become so frequent that they’re practically unavoidable at this point. That’s why you need to have company-wide plans and protocols in place, not just for protecting yourself from them, but also for responding to these attacks when they inevitably do occur.
Your IT security team, whether in-house or outsourced, should play a large role in defining these plans. Once they are defined, it’s once again most important to focus on making sure that your employees are aware of these plans and protocols.
Roles need to be defined in the event of an attack, communication and action protocols need to be made clear as well. If your employees receive a suspicious email, who should they notify? If your IT security team does confirm that an attack has occurred, is there a list of possibly affected partners and vendors who must be notified? If so, whose job is it to talk to them?
All of these actions need to be clearly defined by management and effectively communicated to your entire team.
Back Up Your Data Regularly
In terms of concrete actions that need to be taken to help your company recover from a ransomware attack, experts recommend that backing up all of your most important data on a very regular basis is the best way to increase your chances of recovering from a ransomware infection successfully and with as little damage as possible.
Most importantly, your files that are backed up should also be protected properly and preferably stored offline in order to keep them away from cyberthreats. Of course, storing files offline comes with another set of risks. They could be stolen or a fire could destroy them, for example. This is why companies should ideally back up their important data both on and offline.
Using cloud services to back up data is a good idea because you will be able to retain previous versions of files and roll back to unencrypted versions of the files that may have been infected by a ransomware attack.
Keep Your Systems Up-to-Date
Be sure that your IT team is always keeping your operating systems up to date. This should include all hardware, software, and applications that you are using. You should be paying particular attention to any security and anti-malware software you may be running.
If possible, turn on an “auto-update” option so that you’ll automatically get the latest security patches when they are released. Backing up your system and making sure that it’s up to date are the two most obvious and effective ways to ensure early detection when a ransomware attack does occur in order to respond to it accordingly.
Impose Restrictions on Access
Restrict access to vital parts of your system to decrease the chances of ransomware infiltration. When you remove local administrative rights and restrict code execution and system access, you are helping to decrease the chances that ransomware will infect local systems and then spread to all other parts of your network.
Experts also recommend restricting user write capabilities and preventing execution from user directories. Many types of ransomware require write access to file paths in order to be installed and executed. If you are limiting the write permission to a small number of directories, you are helping to protect your system.
Focus On Email
As we have already mentioned several times, most ransomware attacks occur via email. That’s why special attention needs to be given to securing this very important and susceptible part of your business’s operation.
Experts recommend robust filtering options be installed. The logic behind this is simple. The fewer emails your employees receive, the smaller the chances are that they will be exposed to a malicious attack.
It’s also recommended to block attachments from emails if possible and find different ways to deliver and distribute safe files within your team. Ransomware is most often delivered via some type of executable attachment, which is why using an email security application to delete all attachments is a smart protocol to install.
Focus On Your Network
At the network level, firewalls are another general best practice. Firewalls should be able to limit remote desktop protocol (RDP) and other remote management services that can be manipulated by cybercriminals.
Experts also recommend implementing an Intrusion Detection System (IDS), which will search for malicious activity on your network by making comparisons between network traffic logs and signatures that detect known malicious activity.
While both are related to network security, the difference between firewalls and an IDS is that firewalls work towards limiting access between networks to prevent infections while an IDS will be able to quickly spot an intrusion if it occurs.
Responding to a Ransomware Attack
As we’ve already mentioned, completely avoiding ransomware attacks is practically impossible. This is why it’s important to properly respond to one when it does occur in order to limit the damage that it causes.
Here’s a quick overview of some of the first steps your team should take when an intrusion has been identified:
- Take a System Snapshot: If possible, take a snapshot of your system memory before shutting it down. This can help you later in the process of identifying the attack vector and decrypting infected data.
- System Shutdown: Shut down your system completely in order to limit the damage.
- Decide Whether To Notify Authorities: Usually, businesses should notify authorities as soon as any type of cyber attack occurs. However, ransomware attacks are specific. The ransom being asked for by the attacker will usually go up the longer they have to wait. And if you’re involving the authorities, there will most likely be a long investigation involved. This both increases the chances that you will never get your data back and it will surely increase the price you will have to pay for it if you do decide to strike a deal.
Once you’ve responded to the cyber attack, it’s time to start investigating it in order to understand how it occurred and recover. This will help your entire organization to update your plans and protocols and take steps towards ensuring that the same type of ransomware attack will not compromise your systems in the future.
Protecting Your Business with Cyber Liability Insurance
Whenever you have a business risk that is all but inevitable, the best way to mitigate the impact of the risk is by transferring it to a third party. This can be done by purchasing business insurance.
When your company buys an insurance policy, it enters an agreement with the insurer. You are basically paying them to take financial responsibility for your business risks. When we are talking about ransomware and cybercrime in general, the insurance policy that businesses turn to is called a cyber liability policy.
This coverage will offer your business financial aid in the process of recovering from a cyber attack.
If a ransomware attack results in data loss that needs to be recovered and recreated, business interruption and temporary closings, a loss of transferred funds, or loss of money due to cyber extortion or computer fraud, these costs would be covered by your policy.
A cyber liability policy can also be extended to cover costs related to third parties, including the costs of notifying affected customers, partners, and vendors, credit monitoring, civil damages if you are being sued by a third party, computer forensics and investigative costs, and even PR aid that will cover any costs related to recovering from reputational damage caused by the attack.
As anyone who has had to recover from a cyber attack knows, they can be incredibly expensive. According to the Sophos “State of Ransomware 2021” report, the average cost of recovery from a single ransomware attack has more than doubled since 2020, increasing from $761,106 to $1.85 million in 2021.
The report also states that the average ransom paid by businesses is currently about $170,404. And remember, the ransom itself represents just a small fraction of the costs related to a ransomware attack.
Having to deal with these types of extreme costs can financially cripple a large corporation, much less a small business or young startup. That’s why having a cyber insurance policy is so important. It can help your business survive such an attack by transferring the financial repercussions of the attack to the insurance company.
If you’d like to learn more about cyber liability insurance and discuss your company’s insurance needs in detail, don’t hesitate to reach out to one of our expert brokers at any time.
Practice good work-from-home cybersecurity hygiene to keep yourself, your family, and your employees safe. Learn more by reading our tips.
Learn why having a strong cybersecurity risk management plan is paramount for any modern business that relies on the Internet to connect with clients and business partners.