W^H? The Holmes Murphy Blog

  • Think Before You Click: A Lesson on Ransomware

    A ransomware attack is nearly impossible to prevent, and while traditional IT security measures are crucial in this ever-changing environment, prevention often hinges on human vigilance. Warning employees to think before they click and initiating phishing exercises are crucial pieces of ransomware readiness and prevention.

    But before we get to that, I want to lay a little groundwork.

    What Is Ransomware?

    Ransomware is a form of malware that encrypts files on a device, rendering them unusable. Malicious actors then demand a ransom be paid in exchange for the decryption code. While these ransoms started out small, bad actors have quickly realized organizations are willing to pay even more money for their files. In fact, average ransom demands increased over 660 percent from 2015 to 2019.

    In 2020, there were 304 million ransomware attacks worldwide, and that number only includes the attacks that were reported to insurers. Even the U.S. Department of Justice has elevated some ransomware investigations to a similar priority level as terrorism in the wake of the Colonial Pipeline hack in June that disrupted the gas supply for thousands.

    What Are the Consequences of a Ransomware Attack?

    In addition to financial implications (including paying the ransom itself), there are other consequences that can be devastating to your organization. These include, but aren’t limited to:

    • Business income loss due to disruption or total cessation of your normal operation
    • Reputational harm or a stock price drop
    • Financial cost to restore systems, data, and files
    • Temporary or permanent loss of sensitive data or intellectual property (IP)
    • Danger to health or life in emergency services or healthcare sectors

    Is There Any Good News?

    Yes! It’s not all doom and gloom.

    As a member of TechAssure, our clients have access to several valuable pre- and post-breach resources through eRisk Hub. I’ve listed some of these resources below.

    12-Point Ransomware Survey

    This survey offers key tasks that small-to-medium enterprise management & IT administrators should consider to reduce exposure to ransomware and other threats. Upon completion of the survey, a scorecard is provided along with best practices for strengthening your ransomware defenses.

    Ransomware Stress Test

    This is provided through Tetra Defense and is a self-assessment and remediation tool that measures an organization’s susceptibility and ability to respond to a ransomware attack.

    ShadowNet Program

    Exclusive to TechAssure members, ShadowNet is a comprehensive cyber risk management and insurance program that includes risk analytics tools to identify malicious IP addresses and keep them hidden from cyber criminals/botnets.

    Three insurance carriers participate in this program and not only provide best-in-class coverage, but they also pay the fee for you to use the RiskAnalytics program. With this program, our insureds can be better, have better submissions to underwriters, and can ultimately have better insurance program results and better results as an organization.

    If you’re interested in learning more on any of this, don’t hesitate to reach out! We have cyber experts on hand to help and can walk you through all of the resources available.

    Plus, to see the first two blogs in our Cyber Security 7-part series, click here! Don’t miss out on our next installment coming August 26 and subscribe to our blog just to the right on this page!

    Published on: 08.12.21