10 Nov Ransomware attacks are on the rise: why you need a cyber security strategy
As a wave of recent ransomware attacks hits prominent organisations around the world, the threat to Australian businesses is very real. The Australian Cyber Security Centre (ACSC) has seen a 15% increase in ransomware attacks over the last 12 months.
According to Accenture and reported by Insurance Business Australia, “cyber intrusion activity worldwide jumped by 125% in the first half of 2021 compared to the same period in 2020, with ransomware and extortion operations one of the major contributors behind this increase.”
Many small business owners may have the belief they only target large organisations but more smaller businesses are being exploited. This is generally due to a lack of professional cyber security support. With more people working from home due to COVID-19 there has been an increase in cyber threats everyday which affect individuals to small and large organisations.
What is ransomware?
Ransomware is a type of malicious software (malware). Once in your devices a range of access issues may occur including loss of access to files and, in some cases, even your devices. The cybercriminals will ask for a ransom to be paid to give you back access to your files/devices. Ransomware attacks can disable whole information technology (IT) systems for weeks.
The ACSC are urging businesses to be proactive and protect themselves from cyber security incidents as many are not prepared. To protect your business, you need to take steps to reduce the risk of attack with cyber insurance being one of many. It’s important to note, this is ‘one of many’ measures you should take, as cyber insurance can’t protect your business on its own.
Insights from the Cyber Security Cooperative Research Centre
In a recent report from the Cyber Security Cooperative Research Centre (CSCRC) and reported in insurance news, having insurance is “not a cyber security silver bullet and should be part of a package of measures.” The report also suggests there should be a ban on insurers providing ransom or extortion payments in an event of a ransomware or extortion attack. Cyber insurance policies can vary across the industry and usually the client will make the call to pay the ransom not the insurer. Most insurance providers have cyber security experts that provide guidance to clients during a cyber attack like ransomware or extortion and would work closely with the business’s IT supplier to resolve the issue as quickly as possible and hopefully prevent them paying the ransom.
Another key point that was mentioned in the report and in insurance news is “insured businesses could become complacent about cyber security.” This is where it’s important for a business to implement several different measures in the prevention of a cyber attack or to reduce the impact if there was one.
One recommendation in the report is that insurers work with IT providers to offer bundled cyber security packages. At Carollo Horton working along side IT providers such as Damian from T4B is important to us, not just in the event of a cyber claim but helping the client put measures in place to reduce the risk, such as procedures for automatic backups to software and business information, anti-virus software and other IT security measures.
How cyber insurance can work to protect your business from cyber extortion
Cyber insurance is designed to protect your business against a number of different cyber attacks or events. Businesses and people are more globally connected than ever before and many businesses are required to have protocols in place to protect their customer’s personal information.
Cyber insurance can cover cyber extortion, for attacks or threatened attacks against IT infrastructure, coupled with demands for money to stop attacks. Below is a claim scenario to show how insurance cover and good IT support works.
Extortion attempt insurance claim scenario
A person pretending to be technical support gained access to a manufacturing plant’s computer systems. This enabled them to pose as an insider, eventually gaining access to highly restricted information including customer trade secrets, bank details and other sensitive personal information. The hacker threatened to sell trade secrets to competitors and banking details on the black market and make sensitive personal information public unless the insured paid.
Cyber event protection solution
Cyber Event Protection covers key response costs including: IT forensics, crisis management and public relations, notification costs, credit and identity monitoring and pursuit costs against the perpetrator. It also covers mandatory data breach notifications, including notice to regulators because of the manufacturer’s failure to keep information secure. Defence and settlement costs for third party claims made against the insured are also covered.
Cyber insurance should be part of a ‘cyber security package’
Ransomware attacks are only going to increase, and cybercriminals are becoming more sophisticated with their attacks. Cyber security should be a priority for every business. Along with cyber insurance and good IT support, your cyber security strategy should include other measures such as regular cyber security training for employees and a plan for how they should respond if there is a cyber event and procedures for managing control and access to business information.
The Carollo Horton team has substantial industry knowledge and expertise to be able to provide your business with comprehensive advice and appropriate risk management and cyber insurance solutions. Contact us today for more information on our cyber essentials packages.
For more IT support and solutions on how you can protect your business IT infrastructure and reduce the risk of an attack contact Damian from T4B on 1300 042 122 or visit the website here.