As IT professionals, we tend to rely on data from technical sources to identify the latest trends in technology, security, and threats. Here at KnowBe4, we have pointed out time and again the growing popularity of ransomware as an attack tactic.
But now we are hearing about the danger of ransomware from insurers as well. In the case of CFC Underwriting, it is not the ransom payment itself that organizations should be most concerned about; instead, CFC wants organizations to understand the post-infection impact:
“So, the costs that are incurred with municipalities are things that people don’t actually spend too much time selling cyber on,” said Lindsey Nelson, international cyber team leader with CFC Underwriting. “It’s all those system damage and rectification costs when systems go down and people have to wipe their servers completely clean as a result of ransomware. It’s the cost to rebuild those systems from scratch.”
Systems are being rebuilt largely because the attacker's focus has shifted. What was once a financially motivated transaction is increasingly a scenario where decryption isn't possible even after the ransom has been paid.
“We’re seeing a shift away from the financial motivation towards just destructive in their nature so that even when people do pay the ransom, they’re not able to get the decryption key back,” Nelson reported. “The intent is solely to ensure their systems go down and they suffer system damage loss.”
So, how can organizations protect themselves against these kinds of business interruptions from ransomware?
- Backups – organizations need to retain the ability to recover completely to a point weeks or months in the past. Ransomware authors now let their code lie dormant for long periods so that the infection cannot be easily removed by restoring a recent backup: a snapshot taken while the malware was already present simply restores the malware along with the data.
- Security Awareness Training – Backups are a reactive way of protecting the organization from interruption. Keeping ransomware from ever gaining a foothold is far more effective, and far less disruptive, for keeping the organization running. Security Awareness Training teaches users how to spot suspicious or malicious email, web pages, text messages, and so on, raising their vigilance so they are less likely to fall for phishing and other online social engineering.
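The retention point above has a concrete consequence for recovery planning: when the payload may have sat dormant for a while, the newest backup is not automatically the right one to restore. The following is an added example (not KnowBe4's or CFC's own tooling) that, given a list of restore-point dates, picks the newest snapshot taken before the dormancy window could have started and checks whether the retention schedule reaches back far enough. The backup schedule, dates, and dormancy windows are constructed assumptions for illustration.

```python
from datetime import date, timedelta
from typing import List, Optional

# Constructed sample data (hypothetical): "today" and a backup schedule of
# 14 daily restore points plus weekly snapshots going back about four months.
TODAY = date(2019, 8, 15)


def sample_restore_points(today: date = TODAY) -> List[date]:
    """Return the constructed backup schedule as a sorted list of dates."""
    daily = [today - timedelta(days=d) for d in range(14)]          # last 14 days
    weekly = [today - timedelta(weeks=w) for w in range(2, 18)]     # weeks 2..17 back
    return sorted(set(daily + weekly))


def clean_restore_point(restore_points: List[date],
                        infection_date: date,
                        dormancy_days: int) -> Optional[date]:
    """Newest restore point that predates the earliest possible infection.

    infection_date is when the ransomware detonated; dormancy_days is the
    assumed maximum time the payload sat idle beforehand. Any snapshot taken
    on or after (infection_date - dormancy_days) may already contain the
    dormant payload and is excluded. Returns None if nothing old enough exists.
    """
    cutoff = infection_date - timedelta(days=dormancy_days)
    candidates = [p for p in restore_points if p < cutoff]
    return max(candidates) if candidates else None


def retention_covers(restore_points: List[date],
                     today: date,
                     dormancy_days: int) -> bool:
    """True if the oldest retained restore point is older than the assumed
    dormancy window, i.e. a clean restore would still be possible if the
    ransomware detonated today."""
    if not restore_points:
        return False
    return (today - min(restore_points)).days > dormancy_days


if __name__ == "__main__":
    points = sample_restore_points()
    for dormancy in (7, 30, 200):
        print(f"dormancy {dormancy:>3} days -> restore from",
              clean_restore_point(points, TODAY, dormancy))
    print("retention covers 90-day dwell:", retention_covers(points, TODAY, 90))
```

With the constructed schedule, a seven-day dormancy assumption still lets you restore from a daily snapshot, a thirty-day assumption pushes you back to a weekly snapshot, and a 200-day assumption finds nothing usable at all, which is exactly the "rebuild from scratch" outcome CFC describes.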