Could Your Company’s Systems Be Held for Ransom?

October is National Cyber Security Awareness Month, and this year, the stakes are especially high. Many companies have had to switch to remote work arrangements in recent months, a transition that has created new risks and vulnerabilities. At the same time, cybercriminals have been upping their game to take advantage of the situation.

Cybercrime resulted in losses of more than $3.5 billion in 2019, according to the FBI’s Internet Crime Complaint Center (IC3). A cyberattack could result in major financial losses in direct costs as well as business interruption. Know the risks and take steps to protect your company.

Business Email Compromise

Cyberattacks can come in many forms, but business email compromise (BEC) scams stand out as especially costly and insidious. In fact, approximately half of the losses reported in 2019 – $1.7 billion – stemmed from these attacks. The FBI has also warned of an increase in BEC attacks taking advantage of COVID-19 confusion.

In BEC schemes, an individual is targeted with messages that appear to come from a legitimate source, such as the CEO, a client or a vendor. After gaining the individual’s trust, the scammer will often request a wire transfer. Payroll diversion schemes have also been reported.

Ransomware

In some ransomware attacks, data is encrypted and “held hostage” until the victim pays a ransom. In other attacks, the cybercriminal may also threaten to leak the data unless the ransom is paid. Either way, these attacks can be incredibly disruptive.

All types of businesses can become victims of ransomware attacks. However, some industries are more vulnerable than others. According to Inside Construction, a report found that construction is the most targeted industry globally.

Some companies decide to pay the ransom because they are desperate to get their files back and resume business. However, this is not ideal for several reasons.

First, the ransom may be significant. According to a report from Coveware, ransomware payment demands have been increasing. In the first quarter of 2020, the average payment was $111,605, a 33% increase from the previous quarter. Some ransoms may be even bigger, sometimes reaching seven figures. According to Healthcare IT News, UC San Francisco paid $1.14 million to hackers. And according to ZDNet, experts from IBM have found that some ransomware attackers are tailoring the ransom request to the victim’s revenue, with ransoms as low as $1,500 and as high as $42 million.

Second, the FBI strongly advises against paying ransoms. Doing so may encourage more ransomware attacks in the future. Additionally, the Department of the Treasury recently warned that ransomware payments may violate OFAC regulations.

Protect Your Company

Don’t wait until it’s too late. Take proactive steps now to prevent devastating cyberattacks.

  • Have a cyber security expert audit your system to check for vulnerabilities.
  • Always use the most up-to-date versions of operating systems and software to ensure that you have all security patches.
  • Use anti-virus software. Install updates and run scans regularly.
  • Verify that remote workers are also using secure networks and programs.
  • Train all workers on cybersecurity best practices, including using strong passwords, using two-factor authentication, not clicking on suspicious links, and keeping an eye out for spoofed emails.
  • Create policies and procedures to verify all sensitive requests, such as wire transfers and changes to payroll.
  • Maintain secure backups of all essential files.

Finally, if you haven’t had a conversation about cyber risk with your insurance partner recently, now is a good time to talk to Propel.
