Are you doing your part to improve cybersecurity? October is National Cybersecurity Awareness Month. This year, the Cybersecurity & Infrastructure Security Agency and the National Cyber Security Alliance will focus on the theme “Do Your Part: #BeCyberSmart.” It’s a good time to reassess your cybersecurity efforts and make improvements wherever possible.
Ransomware Attacks Have Gotten Much Worse
According to Tripwire, ransomware payouts increased 171% in 2020. The average demand was $312,493, but at least one ransom demand was as high as $30 million.
Many organizations keep backups in case of a ransomware attack. This can be a good strategy, but it’s not always foolproof. For one thing, ransomware attacks may target backups. According to Security Boulevard, some attacks don’t launch immediately. Instead, they stay dormant long enough to infect backups. Also, some hackers threaten to release stolen data, and backups won’t protect you from that.
Paying the ransom isn’t foolproof, either. The FBI does not support paying the ransomware demand and warns that doing so encourages future attacks and does not guarantee the return of your data. According to VentureBeat, 80% of organizations that paid a ransom were hit with another ransomware attack, often by the same group. Additionally, the Department of the Treasury has warned that paying ransomware demands could violate OFAC regulations.
In addition to business interruption and financial loss, businesses may also face reputational damage after an attack. This may be why, according to Fox News, a survey found that 61% of business owners admitted that they had concealed a breach. Hiding this information may put consumers at risk, however, and the National Conference of State Legislatures says that all 50 states have enacted breach notification laws.
When it comes to ransomware, prevention is the best – and possibly the only – solution.
But It’s Not Just Ransomware You Have to Worry About
Ransomware tends to dominate the headlines, but it’s not the only cybersecurity threat. Businesses also have to worry about business email compromise schemes, phishing, denial of service attacks, and other dangers.
Sometimes these attacks are designed to be a vector for ransomware, as when hackers use phishing attacks to launch ransomware. Other times they serve another purpose, as when scammers use business email compromise schemes to trick people into authorizing wire transfers. Either way, these attacks are bad news, and just like ransomware, they’re getting more sophisticated.
These days, you don’t just have to worry about spoofed emails and text messages. Thanks to deepfake technology, even phone calls and videos can be faked. According to Infosecurity, a report has warned that deepfake attacks could lead to substantial losses over the next two years. VentureBeat warns that the attacks are already here, and that deepfakes could even be used to bypass biometric security measures.
As a result of heightened cybercrime activity, cyber insurance rates have risen dramatically, with the average increase coming in at 25.5% in Q2 of 2021. That said, some businesses are seeing rate increases as high as 100% or more, and others are not being offered coverage. Carriers are often requiring multi-factor authentication protocols as a condition of offering coverage.
The threats keep evolving. Your cybersecurity practices need to evolve, too. Now is a great time to help spread awareness of cybersecurity issues throughout your organization.
Use the hashtag #BeCyberSmart to help spread awareness of cybersecurity. CISA will be providing various resources to help raise awareness, and it also provides technical and non-technical resources designed to help people improve their cybersecurity practices.
If you haven’t reviewed your cyber insurance recently, it’s a good time to talk to your Heffernan Insurance Brokers representative, so you can get a clear understanding of your coverage and make any needed updates.