Ransomware: Today’s Biggest Threat to Your Insurance Organization

David is the Senior Director of Information Security for ReSource Pro.

A need for better cyber risk management

In a 2020 AXA survey of risk management experts, cyber attacks were ranked the third greatest risk to businesses and consumers, surpassed only by infectious diseases and climate change. And it hasn’t taken long for cyber threats to make this year’s headlines.

The shutdown of the Colonial Pipeline this May due to a ransomware attack served as a stark reminder of the crippling effects a cyber attack can have as well as their increasing incidence. But while the demand for cyber insurance has grown significantly over the past year, high loss ratios suggest many businesses’ cyber risk management still need refinement.

How most ransomware attacks occur   

Ransomware operators typically gain access to a company’s systems when a victim within the company accesses a link or attachment contained in a phishing email. This enables the operators to execute malware that blocks or encrypts vital data or functions on the victim’s device as well as others on the network. Essential back-office functions such as payroll, accounts receivable, accounts payable, CRM, and file servers are prime targets for encryption.

After gaining access, ransomware attackers enlarge their footprint by breaking into unpatched systems—or computer systems that have not been routinely updated to fix security vulnerabilities—making the problem even more difficult to cure.

How do you create ransomware readiness?

Preparing your organization for a ransomware event, or other form of cyber attack, requires a comprehensive strategy. Below are a several items to consider when enhancing your organization’s cyber security and preparedness.

  • Security Fundamentals: Ransomware operators exploit multiple avenues in their attacks, focusing on unpatched systems. Critical vulnerabilities should be patched monthly, but should also be combined with fundamental IT practices, such as offline backups.
  • Awareness: Ensure your employees know how to identify suspicious communications as well as report any issues or concerns that may arise regarding potential security threats to the appropriate team members.
  • Triage: The cure for a cyber breach is harsh. Be prepared to shutdown internet connectivity to and from each affected office so that:
    • Communication with ransomware operators can be terminated
    • All infected systems can be cleaned, or else the operators will resume attacking and encrypting
    • IT teams can sweep, clean, and restore servers and data
    • IT teams can clean or reimage desktop computers
  • Preparedness: Key business leaders should be briefed to prepare for disaster recovery and business continuity processes, potential site shutdowns, and service interruptions in the event of a cyber attack.
  • Incident Response: Routinely rehearse incident handling, escalation, and key crisis processes, such as communication.

Ransomware represents a serious threat for companies both large and small, but even simple precautions, such as creating greater cybersecurity awareness among employees through yearly training and monthly bulletins, can reduce your risk significantly.

If you’d like to work with a partner dedicated to cyber safety and security, let’s start a conversation.