How to minimise the risk of a Ransomware attack on your business
With 62% of ransomware attacks in 2020 targeting small to medium enterprises (SMEs), the need for companies to protect themselves against cybercrimes has become more important than ever.
In this article, we take a look at the current impact of ransomware on SMEs and what methods Australian businesses can take to help minimise the risk of a ransomware attack.
What is Ransomware?
Ransomware is a form of malicious software that cybercriminals have used to financially exploit Australian businesses for many years. Traditionally, hackers employed ransomware to encrypt critical files on a company’s network and block administrator access, then demanded that victims pay a ransom to restore their files. Businesses slowly adapted to this threat by improving their IT systems and conducting regular backups of critical systems, but, as many security experts recognise, it is nearly impossible to stay ahead of cybercriminals.
Ransomware also evolved as threat actors discovered new sophisticated methods of attacking businesses, including double and triple extortion techniques. These techniques include threatening to publish exfiltrated data on the dark web, selling stolen information to criminal groups and launching Distributed Denial of Service (DDoS) attacks against businesses to cripple their network. These threats increase the pressure and serve to further encourage victims to pay the ransom.
A company’s IT systems can become infected by ransomware in many ways. Most commonly, businesses are exposed to ransomware through phishing emails, a form of social engineering. These emails are often sophisticated and highly targeted, designed to manipulate unsuspecting employees into clicking malicious links or opening attachments that go on to infect the entire network.
Recently, ransomware has also infected a huge number of businesses’ networks by exploiting common vulnerabilities in web servers as a point of entry. The 2021 Annual Cyber Threat Report, developed by the Australian Cyber Security Centre, found that there was a 15% increase in ransomware cybercrime reported in the 2020–21 financial year.
To combat this increase, the newly introduced Ransomware Payment Bill aims to impose a “ransomware payment notification scheme” whereby government agencies and businesses with a turnover of more than $10 million AUD will be required to notify the Australian Cyber Security Centre before paying a ransom.
How is Ransomware a threat to SMEs?
It’s a common myth that only large companies are impacted by ransomware; 62% of the ransomware attacks in 2020 were on small and medium enterprises (SMEs). Ransomware has become extremely harmful to all businesses, contributing to 81% of financially motivated eCrimes globally. This form of cyber-attack can cripple IT systems, websites, customer data and payment systems. Ransomware poses a major operational risk to businesses of all sizes, industries and revenue levels. A ransomware attack can threaten the financial stability of a small business through lost revenue, IT recovery costs, network remediation and the cost of paying the ransom if the business chooses to do so. A recent survey found that the average ransomware downtime cost alone was $274,200 USD ($377,700 AUD) for SMEs in 2020.
Methods to mitigate Ransomware
1. Provide formalised phishing and cyber security awareness training to all employees
Teach employees how to identify malicious emails and, where possible, to report suspicious emails to IT or senior management. This will help to reduce the likelihood of employees exposing the business to malicious websites or email attachments, as recent data has shown that 54% of ransomware attacks are caused by phishing emails.
2. Flag all emails which originate from outside of the organisation
Adding an automatic warning to all external emails makes it harder for hackers to impersonate internal staff in attempts to gain system access or to carry out funds transfer fraud.
3. Use antivirus and anti-spam solutions
Implement a spam filter to prevent the majority of phishing emails from reaching the network.
4. Enable multi-factor authentication
Using multiple layers of verification to confirm an employee’s identity whilst logging in can increase network security in the face of weak passwords and increased endpoint vulnerabilities caused by working from home.
5. Complete regular patching of all hardware, software and operational technology
This can help to prevent hackers from targeting common software vulnerabilities with malware in order to gain control of a company’s network and data. Criminals discover new vulnerabilities continually, and the exposure they create can be greatly reduced by promptly deploying critical software patches.
6. Follow the principles of network segmentation and least privilege
Restricting local admin privileges as much as possible, and segmenting the network, ensures that if credentials are compromised, hackers are vastly restricted in their ability to move laterally or cause further network disruption.
7. Maintain system backups
Maintaining an up-to-date offline copy of critical system data does not prevent an attack, but it often gives organisations more options when deciding whether to negotiate with the cybercriminals or to rebuild the systems themselves.
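Item 2 above (flagging emails that originate outside the organisation) can be implemented in Microsoft 365 with an Exchange Online mail flow rule. The script below is an added example and is not from the original article; it assumes an Exchange Online tenant with the ExchangeOnlineManagement module installed, and the rule name and banner wording are placeholders to adapt.

```powershell
# Added example (not from the original article). Assumes Exchange Online and the
# ExchangeOnlineManagement module; $ruleName and $banner are illustrative placeholders.
Connect-ExchangeOnline

$ruleName = 'Tag external senders'
$banner   = 'CAUTION: This email came from outside the organisation. ' +
            'Do not click links or open attachments unless you recognise the sender.'

# Parameters are splatted so each condition can be commented individually.
$params = @{
    Name                              = $ruleName
    FromScope                         = 'NotInOrganization'  # sender is outside the tenant
    SentToScope                       = 'InOrganization'     # recipient is an internal mailbox
    ExceptIfSubjectContainsWords      = '[EXTERNAL]'         # do not tag reply chains twice
    PrependSubject                    = '[EXTERNAL] '        # visible in every mail client
    ApplyHtmlDisclaimerLocation       = 'Prepend'            # banner at the top of the body
    ApplyHtmlDisclaimerText           = "<p style='color:#9F6000;background:#FEEFB3'>$banner</p>"
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # still deliver if body cannot be edited
    Comments                          = 'Warns staff when a message did not originate internally'
}

# Create the rule only once so re-running the script does not produce duplicates.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule @params
}

# Also turn on Outlook's native "External" sender tag, which survives forwarding
# and does not depend on the subject prefix.
Set-ExternalInOutlook -Enabled $true

# Verify the rule is enabled and scoped as intended.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, FromScope, SentToScope, PrependSubject
```

Send a test message from an external mailbox to an internal one after the rule is created; the subject should carry the prefix and the banner should appear above the body.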
Why is Cyber Insurance crucial in mitigating ransomware?
Cyber insurance responds to claims made by victims of a ransomware attack. This includes:
- Immediate 24/7 access to incident response services following an actual or suspected cyber event
- Ransom payments* and access to specialist ransom negotiators
- Loss of profit related to business interruption following a Ransomware attack
- Costs to repair and restore IT systems and data
*where it is legal for insurers to pay a ransom
It has never been more critical for businesses to take proactive measures to help manage their cyber risk, including the implementation of cyber insurance cover. A cyber insurance policy is an extremely valuable risk transfer tool for every business. With a cyber insurance policy in place, your business can also be given access to cyber security training modules and risk awareness videos as part of the policy, helping your team to identify and prevent cyber-attacks.
The threat of ransomware is continually evolving in complexity and frequency, meaning that no business is safe. Protect your business from Ransomware attacks today by talking to Marsh’s cyber risk experts for a solution to help keep your company safe.