December 10, 2020

How to build a ransomware defense strategy for your business

As cyberattacks on businesses continue to increase, make sure you have a ransomware defense strategy in place to protect your company's assets.

We have all heard the stories — a city, hospital network or large organization suffers an insidious ransomware attack. The breach impacts the privacy and data of hundreds of thousands of people and adds up to multimillions of dollars to repair and rebuild the data infrastructure and reputation of the entity. If you think it can’t happen to your small or medium-sized business (SMB), here’s your wake-up call. It’s time to build a ransomware defense strategy, because you may be next.

Cybersecurity industry analysts warn that SMBs are at ever-growing risk for cyberattacks. Ransomware attacks, in particular, have skyrocketed over the past several years, and the pace is only increasing. Hackers, it seems, have discovered that many SMBs are not paying attention to their cybersecurity.

What is a business to do? The first step in your ransomware defense strategy is to put in place protective information technology (IT) measures — the sooner the better. The second step is to train employees on how to stay safe. The third step is to make sure you have an appropriate level of insurance to protect your business assets.

Ransomware basics

A ransomware attack is when a cybercriminal takes control of an organization’s computer systems or data by planting malicious software (malware), undetected. The ransomware enables the hacker to lock down programs; encrypt data, making it inaccessible; or even steal data. The hacker then demands the payment of a ransom — sometimes more than once — to release the programs or data. Even worse, regardless of payment, the hacker may choose to publicly leak or sell company data or the personal and financial information of anyone in the system, including customers and employees.

According to the latest Cyber Claims Study by NetDiligence, ransomware attacks accounted for more than 30 percent of cyberattack insurance claims in 2019. Of all types of cyberattacks on SMBs from 2015 to 2019, the study found ransomware to be the most lethal, inflicting the highest losses.

The study also found that over this time span, the average ransom increased from $36,000 to $175,000. These ransom amounts did not include additional, ancillary costs such as lost productivity; forensic investigation and damage assessment; communications with affected parties; infrastructure repair and data rebuilding; and relationship and reputation rebuilding, among other considerations. Those costs also went up, from $150,000 to $275,000 per incident. Ransom amounts and related expenses like these are enough to drive a company out of business.

Since these data were collected, things have gone from bad to worse. Cyberattacks multiplied in 2020, as work behaviors changed due to the pandemic. (Add it to the year’s list of unfortunate events.) As working at home increased, so too did the number of ransomware attacks.

How hackers get in

Two of the top entry points for ransomware infiltration are (1) improperly secured remote desktop protocol (RDP) connections and (2) employees who fall for phishing e-mails.

Many companies enable employees to access their file servers through insufficiently secured RDP. A properly secured remote-access system requires additional safeguards to thwart hackers, such as a firewall and encryption technology. Additionally, if your company server’s password is “password,” you should probably think about making your login credentials more cryptic and changing them regularly.

Another troubling point of entry arises when an employee falls prey to a phishing attempt. In fact, the vast majority (more than 90%) of cyberattacks begin with the more finely targeted e-mail tactic called spear phishing, in which cybercriminals target a specific person or department.

Phishing e-mails are very effective delivery mechanisms for ransomware. Phishing often involves enticing the victim to click on unsolicited links or visit a hacked or untrustworthy website. The victim then may divulge sensitive information such as RDP credentials. They may also click a link that downloads nefarious code onto their computer. Either way, the hacker gains entry to the computer system and wreaks havoc.

What you can do to protect your business

Your ransomware defense strategy should include the following actions as a starting point:

First, put in place protective IT security measures:

  • Work with a knowledgeable IT specialist to initiate proper protections and provide needed training.
  • Make sure you have the most current versions of your software, applications and operating systems and that they are updated regularly.
  • Ensure that your anti-virus and other cybersecurity software are operating correctly and are set to automatically update.
  • Create a disaster-recovery plan that includes strategic planning and documentation for rescuing your data in an emergency situation.

Second, train and require management and all employees to do the following:

  • Create secure passwords and update them frequently.
  • Guard company credentials and passwords carefully.

The third step is to make sure you have an appropriate level of insurance to protect your business from cyberattacks. This may involve data breach coverage or cyber liability insurance.

The checklist above is a starting point for building a ransomware defense strategy. If successful, it will help you keep your organization’s important systems and sensitive information out of the hands of cybercriminals. You should work with a qualified IT professional to put these practices and more into place. Far more detailed cybersecurity checklists are also available from insurance companies and cybersecurity sources. Your Bradish agent can help you obtain the most effective cybersecurity insurance coverage to protect your business.

by Kris A. Mainellis