10 Keys for Reducing Ransomware Attacks

It will take more than raising premiums and putting more limits on the businesses that can qualify for cybersecurity insurance to prevent increased claims and higher costs.

Some of the largest insurance carriers no longer pay ransoms. The Office of Foreign Assets Control (OFAC) has deemed many hackers terrorists, making it illegal for insurance companies to pay their demands. The insurance industry faces pressure to shift its solution from ransom payment to incident recovery as more businesses request coverage. And while the war in Ukraine has caused a slowdown in ransomware attacks, experts predict these attacks will soon come back with a vengeance. It's time to think about solutions that benefit the insured and the insurance industry.

Hackers are getting smarter, and their targets are getting smaller. In Q4 of 2020, the median size of companies that incurred ransomware attacks was approximately 235 employees. In Q2 of 2022, the median company size dropped to 105 employees. Small and medium-sized organizations with limited cybersecurity resources are easier to breach and often rife with data that can be ransomed or sold on the black market. Also, hackers know that breaching organizations of this size receives less attention from law enforcement. Still, any company that uses mobile technology, engages with external partners or vendors, accepts credit cards or other forms of online payment or stores confidential customer, partner or other digital information is susceptible to a cyberattack and, therefore, in need of cybersecurity insurance and strong cybersecurity measures.

According to Sophos' report, "The State of Ransomware 2022," ransomware attacks are happening more often, doing more damage and growing more sophisticated. Last year, 66% of surveyed organizations were hit by ransomware -- an increase from 37% in 2020. Last year, businesses experienced 50% more cyberattack attempts each week compared with 2020. Equally alarming, the average ransom payment increased from $84,000 in Q4 of 2019 to over $800,000 in 2021. What's more, the increasing ubiquity of cybercrime leads to more claims, so when a business is attacked, it runs the very real risk of facing a longer recovery time as the resources of insurance companies and incident responders are stretched thinner by rising demand.

It will take more than raising premiums and putting more limits on the businesses that can qualify for cybersecurity insurance to prevent increased claims and higher costs; insurers must insist their clients be aggressive about cybersecurity protection. This doesn't mean simply installing off-the-shelf cybersecurity products that don't fully protect businesses from sophisticated threats. Businesses may be at greater risk than they realize. The costs to recover and rebuild after a ransomware attack include more than hiring a qualified incident response team. Companies must also factor in downtime, lost data, customer service and the exposure of customers' confidential data, all of which could be devastating.

Thankfully, there are 10 critical cybersecurity components insurance providers can recommend to reduce their customers' cyber risk levels, including confirming the implementation of:

  1.  Multi-Factor Authentication (MFA): Too often, companies rely solely on single authentication tactics like Touch ID. However, smart devices can recognize more than one thumbprint, and even fake fingerprints can successfully bypass sensors at least once nearly 80% of the time. While not an entirely bulletproof solution, MFA effectively creates additional hurdles for would-be attackers. Confirm that your customers practice MFA, even if it simply involves the additional authentication step of sending a one-time SMS to a trusted user's device to ensure they're a valid user.

  2.  Endpoint Detection and Response (EDR): EDR is an endpoint security solution that continuously monitors end-users' devices to detect and respond to cyber threats like ransomware and malware. Urge your customers to seek out EDR solutions that provide these four critical capabilities, according to Gartner: the ability to detect security incidents, contain the incident at the endpoint, investigate security incidents and provide remediation guidance.

  3.  Immutable Backups: Unlike conventional data backups, immutable backups are files that can't be modified in any way. In the event of a ransomware attack or other data loss event, your customers can rely on immutable backups to instantly restore their assets and maintain regulatory data compliance requirements -- without having to pay any ransom fees to get their (likely compromised) data back.

  4.  Managed Detection and Response (MDR): MDR is a cybersecurity service that combines technology offerings and (human) expertise to provide threat hunting, monitoring and response. By helping your customers engage with MDR services, you can support them in quickly identifying and limiting the impact of cyber threats, and they won't need to hire additional, costly security staff to do so.

  5.  Patch Management: Patch management involves identifying, acquiring, testing and installing software patches (or code changes) that are intended to fix bugs, add features or address security vulnerabilities. Many businesses forgo patching their systems, assuming doing so could disrupt critical application integrations. However, failing to patch a system's vulnerabilities creates an open door for hackers to enter and wreak havoc.

  6.  Employee Awareness and Training: A company's cybersecurity is only as strong as its weakest link, and all it takes is one employee -- even a well-intentioned one -- to cause that chain to break. Make sure your customer organizations have employee awareness and training programs in place that formalize and enforce cybersecurity best practices, such as using strong passwords, using MFA and accessing sensitive files only from trusted devices.

  7.  Privileged Access Management (PAM): PAM is a security mechanism used to identify, authorize, manage and monitor privileged users across an entire organization. By ensuring your customers are using PAM tools, you can help them deliver secure, privileged access to critical assets while also satisfying key compliance requirements.

  8.  Data Encryption: One of the most effective data security methods, data encryption translates data into another form so only users with access to a secret key or password can read it. By ensuring your customers encrypt their data, you can help them protect their private information, sensitive data and the communication between their applications and servers.

  9.  Email Filtering: Email filtering services check all incoming and outgoing emails for spam, malware and suspicious links, and then organize these messages into respective categories and folders. Implementing email filtering is an easy and accessible cybersecurity best practice that can ensure risks like phishing emails and malware never appear in your customers' inboxes.

  10. Attack Surface Monitoring: Attack surface monitoring involves the continuous identification and monitoring of attack vectors across an organization's entire IT infrastructure. Most importantly, it's done from the perspective of an attacker. Make sure your customer organizations regularly perform vulnerability scans and penetration tests to verify their actual attack surface. It's dangerous for companies to assume they have all their attack surfaces covered!

Experts predict a new wave of cybercrime and increased attacks on smaller businesses. Now more than ever, your customers need help reducing cyber risk, and, as their insurance provider, you're in a unique position to provide trustworthy support today. Confirm that your customer organizations (as well as your own!) are implementing key cybersecurity best practices and receiving support from experienced cybersecurity professionals who offer state-of-the-art services. The prosperity and longevity of your and your customers' businesses depend on it!

Art Ocain

Art Ocain, CISM, MCSE, VCP, CCNA, is Airiam's VP of incident response.

He specializes in resilience engineering, cloud architecture, incident response, cloud strategy, virtualization, server and network administration and security, business continuity planning, disaster recovery, designing storage solutions, network design, web server management, email server management, web application development, database management and project management.

Previously, Ocain was president and COO of MePush, a cybersecurity and managed IT company acquired by Airiam in 2021.

He holds an MBA from University of the People.
