Ransomware Attacks Continue to Grow
The seemingly endless assault on our privacy, our businesses and our government continues to increase, with 2019 setting new records for the number of cyber attacks and the costs of recovery skyrocketing more than 300% over 2018.
A favorite target in 2019 was public entities, particularly smaller cities where IT security is more likely to be less than ideal and the need to restore essential government services is urgent and pressing.
Despite recommendations from the FBI not to pay ransom, 17% of the nearly 100 cities affected in 2019 did make a payment, usually in bitcoin, in order to regain access to their computer systems. Municipalities are caught in a bind between public and media pressure to a problem that could affect thousands of individuals and the distasteful prospect of making a payment that only encourages bad actors to continue their practice.
The alternatives to not paying can be daunting: In May, Baltimore suffered an attack with the hackers demanding $76,000. The city refused to pay and to date has spent more than $18 million in both direct and indirect costs associated with the attack. Atlanta fared no better – by refusing to pay $52,000 in bitcoin Atlanta has estimated the costs of recovery and lost business will exceed $17 million.
Regardless of target – public entity, private or public business, the best way to avoid ransomware is through planning and preparation. Investment in IT security tools before an incident occurs is the most basic and obvious strategy. And even a cursory review of stats associated with ransomware make it plain what your strategy should be.
The following observations should be considered in the context of your own operations:
- Not surprisingly, nearly 60% of all attacks are through desktop computers, the very computers that are likely to be aging and not adequately protected. Failure to update existing hardware and software with patches in order to close vulnerabilities is the leading cause of hacker success. Computers and networks are often rife with unclosed doorways that allow entry into “secure” systems. There are numerous tools and services to deal with “vuln patching.” This should be your starting point.
- Institute and enforce a company-wide backup procedure that will allow for rapid restoration of compromised systems. Test and update these backups frequently and ensure they are not connected to the systems they are backing up.
- Create a disaster recovery plan so that if and when a problem occurs you are ready. Business continuity planning should be an essential part of any organization’s preparedness.
- Make sure you have the correct cyber insurance policy(ies) in place for the business. Establish relationships with your insurer, your insurance agent and internal and external cybersecurity personnel to review and strengthen procedures and security protocols.
- Educate employees to recognize email phishing and to report any suspicious activity around their email accounts. Clicking a link in an email is a common way for a hacker to seize control of your computer system.
Ransomware shows no sign of abatement. Rather, as these attacks are rewarded by willing payers the likelihood of their popularity is assured. Risk managers need to refine their approaches to this dilemma and mitigate risk exposure through greater planning and vigilance in all aspects of their technical infrastructure protocols.
Leave a Comment