2021 ransomware risks – and how to beat them

In a stunning attack, in early 2021 one of the Northern Territory’s government’s IT systems was brought down by a ransomware attack, disabling the system for three weeks. 

As this demonstrates, cyber criminals are becoming increasingly sophisticated and strident in the demands they make over the organisations they target. But there are steps business owners can take to reduce the risk of these fraudsters doing serious damage their firms. 

Troy Filipcevic is the CEO and a founder of Emergence Insurance, which specialises in cyber insurance. He stresses incidences of ransomware attacks are on the rise and ransom amounts are also increasing.

“Two half years ago, a typical ransom would be in the vicinity of $10,000 to $20,000. In the last six to 12 months, ransoms have been upwards of $250,000.”

Filipcevic notes ransomware is also evolving rapidly. “Eighteen months ago, victims would turn on their computer to find a message from criminals stating they have control of their data and a ransom must be paid to get it back. Now, the criminals take the data from the system and use it to extort the victim. They say, ‘if you don't pay that ransom, we're going to start leaking it on the dark web.’ They leak it onto the web until they get paid the ransom, and then they give it all back.”

In one recent case, Emergence paid out $350,000 to the hackers, but not before trying to negotiate a reduced ransom fee. “The criminals told us they had been in the business’ system for some time and they knew it had taken out cyber insurance and had the means to pay the full ransom, which they demanded.”

Additionally, while it’s easy to assume it’s only big organisations that are targeted by cyber criminals, they often exploit smaller firms.

“The reason for that is the bigger end of town typically has a cyber security function and small businesses don't have that luxury. Most outsource their IT to third party providers. So small businesses are a rich vein of opportunity for cyber hackers to exploit. Smaller firms think a ransomware attack won’t happen to them, but they are in the firing line and low-hanging fruit from a cyber hacker perspective,” says Filipcevic.

“Businesses with external IT support must check how their information is backed up and how regularly”

Defend your firm from a ransomware attack

Aside from taking out cyber insurance, there are other steps to take to reduce the risk of an attack.

Number one is training and raising awareness within the team. Make cyber security a priority in team meetings and ensure it is front of mind by displaying posters in the business that help to raise awareness of this risk. 

“Employee error is often how hackers access a business, usually by staff clicking on emails they shouldn't. Training and talking about this risk heightens awareness,” says Filipcevic. 

Many attacks come via emails with a COVID-19 theme, so it’s important to educate staff to be extra vigilant about these emails, especially those that appear to come from a government source. Similarly, cyber criminals often use the end of the financial year as an opportunity to send emails purportedly from the tax office. When a staff member clicks into the link on these emails, they allow criminals to access the business’ IT system.

Proper controls around access to information is also critical. The idea is to give staff members access only to the information they require to do their job and to restrict access to information outside their remit.

“So employees in the finance department should just have access to finance department files. Don't give them access to HR or manufacturing. Also use multifactor authentication using a two-stage login process to help keep the system safe,” he recommends. 

A third step is to regularly back up business information. Businesses with external IT support must check how their information is backed up and how regularly. This should also be a priority for firms with internal IT support. 

Says Filipcevic: “If the backups haven't been encrypted by the cyber criminals, or haven't been impacted in any way, it helps the businesses get back up and running pretty quickly and could even save the business.”

If the business is attacked, the first port of call should be its cyber insurance firm. Never start negotiations with criminals without doing this as this may compromise the eventual outcome.

Cyber risks will only increase as criminals get craftier and as threats become more devious. So talk to your Steadfast broker today to help you have the right cover in place so that in the event of attack, you’re back up and running as quickly as possible.