You’ve probably heard the phrase, “it’s not if, it’s when”. Unfortunately, the phrase has truth to it. As cybercrime develops and RaaS grows in popularity, the likelihood of your business being breached gets stronger. So what happens if you get hacked? What can you do to reduce your risk? Continue reading for further insight on ransomware response and prevention.
2020…What a year, right? Especially for cybercriminals. With companies moving to remote work, cyberattacks skyrocketed. Unfortunately, attacks of all variety rose but none more so than ransomware which increased 150% from 2019. Not only did ransomware attacks surge, but so did the amount paid by more than 300%. Sadly, these types of incidents continue to become more common.
Already in 2021 we have seen a continued rise in ransomware with several high-profile attacks against critical infrastructure, private companies, and municipalities. As we move to 2022, ransomware will continue to evolve and become even more sophisticated and as Ransomware as a Service (Raas) continues to gain traction, targeted attacks will continue to increase.
You’ve Been Hacked! What Happens Next?
To start lets imagine the worst has happened, your company was hacked. In the case of a ransomware or other cyber extortion event, it is critical that you follow your company’s written incident response plan. If this document does not exist, we STRONGLY encourage you to change that. Senior management and legal council should be alerted as soon as possible.
Next, notify your insurance carrier so that it can determine whether there is coverage under the applicable cyber insurance policy. Your insurance carrier must pre-approve the offer to pay ransom prior to any communication to the threat actor.
Then the big question, to pay or not to pay? That is a question that can only be answered by the senior management team or often times, the board. A few questions to consider are as follows:
- Do the costs of refusal outweigh the ransom demand? Consider business disruption, impact to systems or customers, negative public or brand reputation.
- How sensitive is the data that has been compromised?
- Do you have backups, or does it need the decryption keys?
- Is the threat actor tied to a company that is on the U.S. Treat Department’s Office of Foreign Assets Control (OFAC) sanctioned-entity list or affiliated with a terrorist group? If yes, it may be illegal to the pay the ransom.
How Can You Reduce Risk?
So, that leaves us with the question, how can we reduce risk so these attacks don’t happen? While the likelihood of a breach is high at some point in the life of a company, there are a number of steps that can help reduce risk.
- Regularly review our company’s incident response plan to make sure it’s clear who handles what actions in the case of an attack.
- If your company does not have an incident response plan, implementing this should be your first step.
- Enable multi-factor authentication on ALL logins associated with your business.
- Train your employee to identify phishing attempts.
- Limit users with administrative privileges to systems.
- Test back-up systems regularly and make sure they’re segregated
- Asses the cybersecurity programs and protocols of your vendors
Our team is able to answer all your questions around ransomware response and prevention and any other security needs. Reach out for more information and to get started.