It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s imperative that IT leaders and businesses without the resources to fight back against attackers understand what to do in the face of these new strategies.
The reason that small- and medium-sized organizations need to re-up their incident response plan is that low-profile and locally owned businesses are no longer invisible to cyberattacks. Threat actors have historically gone after targets like healthcare centers, banks and other places that hold highly sensitive data because that data, when encrypted, is worth more money in a potential ransom. But even mom-and-pop stores are starting to see ransomware cases rise, with 60% of SMB’s reporting that ransomware was a concern for them last year.
The reason is simple; it’s easier for attackers to scare local businesses into fulfilling their demands than large enterprises that likely have dedicated security resources and incident response plans in place. In many cases, it’s impossible to prosecute these cyber criminals because they’re anonymous and operating from countries with no extradition agreements with the U.S. So without the risk of any real legal consequences, they can employ similar tactics that car dealership salespeople use with new customers, which is to throw out a high price and hope the buyer –– or SMB owner –– doesn’t see through their bluff.
In other cases, attackers can threaten violence or use AI to spoof voice clips, video clips or social media accounts that imply physical harm could be done if they’re not paid. None of these threats are legitimate, as these attackers are halfway across the world, but they can be scary to an unsuspecting business owner.
If mom-and-pop shops deal with these types of attacks on their own, they might think there’s no way out of their mess without paying. But thankfully, as attackers evolve, so do incident response techniques designed to thwart them. IR practitioners know that the more they can delay any action in communicating with cyber criminals, the higher the likelihood that the threat actor will either lower the ransom or drop it entirely and move onto their next target. Practitioners also understand that the scare tactics they employ on their victims are hollow threats, and pushing back on these threats discourages threat actors from upping their demands. Many of these threat actors inflate their demands because they’re indebted to the developers of the ransomware they’re using, and taking that into context helps security experts understand how to force an attacker to lower their price.
Crucially, however, businesses should also mitigate the effectiveness of ransomware attacks by acquiring a cyber insurance policy that meets their needs. Cyber insurance policies act as liability insurance that can assist with paying expenses in the event of an actual cyber incident, including remediation, data restoration and potentially a ransom payment.
Cyber insurance policies also serve as motivation for businesses to review and update their security posture in general, because the more secure they are, the lower the cost of their insurance premium. That means implementing identity access management measures like multi-factor authentication, using VPN’s, requiring strong passwords and regular security awareness trainings all play a role in saving a security-savvy business money on their insurance policy.
Taking on threat actors can be a daunting experience for an average organization, which is why it’s always a good idea to reach out to a cybersecurity vendor or law enforcement when a cybersecurity incident occurs. With outside help to reduce cyber risk, SMB’s can worry less about ransomware and spend more time on growing their business.
About the Author
Kerri Shafer-Page is Vice President of Incident Response at Arctic Wolf. Previously, Kerri served as the Global Cyber Claims Practice Leader at AIG and held several roles at IBM, most recently X-Force Incident Response, Global Operations Lead. Consistently, Kerri has been responsible for overseeing cybersecurity business direction and managing teams responsible for keeping customers safe. At Arctic Wolf, Kerri and her team work alongside teams like insurance, threat intelligence, security services and beyond to ensure that customers are protected and supported on all fronts. She maintains and enhances the incident response processes in place and constantly looks for new ways to bolster security across Arctic Wolf and its customers environments.
Kerri can be reached at our company website https://arcticwolf.com/
Source link
