Do This and Stop Ransomware

Updated 11/01/2021

Cybersecurity

Ransomware is a threat that's very close to home. Yet too many business leaders are still under the impression that it won't happen to them...that is, until it does.

In fact, just last week one of our insurance partners called us to be part of their incident response team. They needed more boots on the ground**. Thirteen offices located here in Southern California were down from a ransomware attack.** It wasn’t just that their data was unavailable**, they couldn’t access any critical systems to run the business including their ERP system**, so inventory, payroll, and billing were all affected.

When our CTO arrived at their main office to assist, one of the owners asked, “What can we do to prevent this from happening again?”

“Training. You’ve got to train your people on how to recognize a phishing scam,” he replied.

Security Awareness Training is relatively inexpensive, ranging from $10-$60 per employee per year.  Compare that to the average ransomware payment of $170,000 or to the cost of downtime per hour, and security awareness training for your employees is a worthwhile investment.

Are You Making These 5 Common & Costly Mistakes Regarding Cybersecurity?

  1. No comprehensive security awareness training for your employees.
  2. No incident response plan. Your chances of experiencing a cybersecurity breach is 1 in 4 (while your chances of having your home robbed is 1 in 36). Without a plan, your time to remediate the situation increases, which increases cost of your downtime, and compounds the long-tail costs associated with a security breach.
  3. Security policies and procedures either do not exist or are not implemented across the organization. Security policies and procedures help to standardize security procedures and manage risk more effectively.
  4. No regularly scheduled vulnerability scans, penetration tests, and security assessments. These tools give you an opportunity to discover and fix critical issues before bad actors have an opportunity to exploit them.
  5. Vendor liability. Supply chain attacks can be the weakest link in your cybersecurity program. Require that your vendors have reasonable security measures in place.

Sources:
https://www.varonis.com/blog/likelihood-of-a-cyber-attack/

https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf

Data from the FBI 2012 crime report shows that we can expect one in every thirty-six homes in the United States to be burglarized this year, resulting in an average loss of $2,230 per break in (totaling $4.7 billion in property losses).