The Alarming Threat of Ransomware on Small Business
Ransomware attacks on businesses large and small increased exponentially in 2020 and show no signs of abating in 2021.
What you need to do now to protect your business.
The day starts like any other. Business is looking up after a rough year living through a pandemic. With life starting to resemble some form of normalcy, you’re feeling optimistic about the future. Heck, maybe you’ll dig out those expansion plans you had in mind pre-COVID. You log into your company’s network, and suddenly, something doesn’t appear to be right. After a few reboots, you realize that something is very wrong and panic sets in. You can’t access your files – or any files for that matter. A message pops up saying that your system’s data has been encrypted. Encrypted? To get it, the text says that you must purchase a bitcoin using the provided link, or else your data will be made public in a matter of hours or disappear. Questions race across your mind. How much is a bitcoin? What if your competitors see your financials? What about your customers’ data or employee information? How did this happen?
RANSOMEWARE ATTACKS ARE ON THE RISE
According to a recent article in Forbes, the popularity of ransomware attacks has grown substantially over the past year due to the lure of potential financial gains. Today, there are now roughly 124 separate families of ransomware, with hackers becoming very skilled at hiding malicious code.
Ransomware can be explained as malicious software or malware code that infects a businesses’ operating system rendering it useless, or the businesses’ data is “captured” and encrypted. The perpetrators then demand money from the victim for release of their data or to allow the system to work properly again, in essence holding the system for ransom.
Ransomware affects everyone, from an individual to a government municipality to a large multi-billion-dollar corporation. The Chicago Tribune recently reported on a damaging ransomware attack made against the Illinois Attorney General’s office. In May, CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack. And most recently, the international hacker group DarkSide paralyzed the Colonial Pipeline Co., shutting down a 5,500-mile pipeline that carries 45% of fuel used on the East Coast. Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files.
TOP TARGET FOR RANSOMEWARE ATTACKS: HOSPITALS, MUNICIPALITIES, AND SMALL BUSINESSES
While attacks on well-known companies generate headlines, according to multiple IT research firms, it is often small and medium-sized businesses that suffer the most ransomware attacks. Prior to the pandemic, the Ponemon Institute reported that 63% of small businesses, surveyed in Fall 2019 reported they had experienced some sort of a cyber breach. Globally, ransomware on small businesses of all types increased more than 400% over 2019 with hackers’ desire for obtaining cryptocurrency, such as bitcoin, being the key motivator. Because business owners have been preoccupied with keeping their businesses open over the past year, the attention on things like ransomware has become a lesser priority, hence increasing their exposure.
Small businesses are exposed to cyber risk from multiple angles, and it only takes one click to infect an entire network. According to an article in Fast Company, in the early days of ransomware, hackers typically wrote their own encryption code. Nowadays, hackers, otherwise known as “threat actors,” rely on “off-the-shelf ransomware kits.” Readily available on the dark web, these kits are harder to crack and more sophisticated in delivering concentrating phishing campaigns that are less recognizable than a traditional phishing email blast. Once threat actors infiltrate your network, they either move fast to gain access and take complete control over your system, or they lie dormant, slowly collecting data for months or years.
PROTECTING YOUR BUSINESS MEANS ACTING NOW
IT professionals and research firms unanimously agree that the top causes of successful ransomware attacks include clicking on links in phishing emails, employees receiving little to no training, and using weak or infrequently changed passwords. If you’ve put off having your system audited or tested, now is the time to connect with a good managed service provider (MSP), especially as business starts to increase as more transactions begin to take place.
A good MSP will work with business owners to help them adapt a robust cybersecurity policy that protects sensitive data and prevents it from falling into the hands of malicious third parties. They can also train staff in the art of practicing better “cyber-hygiene,” such as using stronger passwords and learning what constitutes phishing emails and malware. MSPs can also install needed patching software, implement a multi-factor authentication (MFA) of your business applications, and deploy solutions like firewalls with intrusion detection and prevention, anti-virus and anti-malware services running on servers and computers, and perform a complete backup of all critical data offsite. Many IT experts say that a large amount of small to mid-sized businesses have a false sense of security, especially in believing that “everything is safe in the cloud.” This is exactly the mindset that threat actors look for in selecting their next target.
REVIEW YOUR GENERAL INSURANCE COVERAGE FOR CYBERSECURITY COVERAGE
Cyber coverage needs to be factored into every small business’s insurance portfolio, specifically a security liability or an Enterprise Cyber Liability (ECL) and privacy liability clause. Unfortunately, many small business owners do not take the time to review what’s covered with respects cybersecurity, citing that it’s too complex to understand. Some elect to forgo the coverage all together believing the coverage is a “nice to have” versus a “need to have.” Please note that typically workers’ compensation policies do not include ECL coverage. Retailer’s Insurance does offer cyber coverage with its policy.
Your agent can help you understand the risks, and review common loss scenarios, the typical response time, and the claims submission process. For small businesses that offer services via a third party, agents can help in identifying if there is an additional level of exposure from customers who may hold them contractually liable for cyber-related incidents. Lastly, agents can also recommend MSPs that can work with you to identify, strengthen, and manage your security exposures — usually at no additional cost.
YOUR BEST DEFENSE? EDUCATION!
Most victims of ransomware attacks admit that they had little knowledge about it. Here are a multitude of resources that devote much “ink” to the topic in the hopes of highlighting all types of scenarios. In addition to keep yourself educated, think about having a regular discussion on cybersecurity with your staff.
Here are some suggested resources to bookmark:
• U.S. Cybersecurity & Infrastructure Security Agency: cisa.gov/ransomware
• U.S. Department of Justice: justice.gov
• Cybercrime Magazine: cybersecurityventures.com