Question: Does your business have over US$ 1 million stashed away to recover from a ransomware attack? Unless you have a solid cyber resilience strategy in place, I hope you answered ‘yes’. If not, you might want to consider one – a cyber resilience strategy, that is, not a ‘rainy day fund’.
Ransomware attacks are increasing, both in frequency and cost to businesses. They are expected to impact one business every 14 secondsby the end of 2019, up from every 40 seconds this year. This makes it hard to know how much an attack will cost businesses in downtime, lost revenue and ransom. But, $1 million is the averagefor Middle East organisations.
Globally, damages from ransomware attacks are expected to reach $11.5 billion in 2019. That’s up from $5 billion in 2017 and $325 million in 2015. These are massive increases every two years – and the trend is likely to continue. My point is that $1 million might be a conservative estimate in a few months’ time. Plus, the golden rule of cybersecurity is not to wonder if, but when you will be attacked. Honestly, assume you’re already a target.
In the case of a ransomware attack, your organisation needs to be able to recover quickly so employees can carry on with their day ‘business as usual’. This will help avoid losing valuable productivity, revenue, brand reputation – and, potentially, customers. And the best way to do that is by having a comprehensive cyber resilience for email plan in place.
A 2018 study by Vanson Bourne and Mimecast found that 52% of organisations had seen an increase in ransomware over the previous year. And, the longer an attack goes undetected, the bigger the financial and reputational damage, and the harder it is to recover. An alarming 71% of organisations that experienced a ransomware attack over the past year reported that downtime lasted for one day or longer, with three days of downtime being the average. Could your business survive if it came to a screaming halt for that long?
Keys to the kingdom
Ransomware is just one type of attack that businesses should be concerned about. Another way cyber criminals can access valuable information or money is through impersonation fraud. So, not only do criminals kidnap your king and demand money for his safe return; they sometimes also pretend to be your king – and it’s hard to spot the imposter.
Impersonation fraud is one of the most common attack vectors used by cybercriminals to gain access to company information, with global businesses seeing a 40% increase in this type of fraud. Typically, hackers masquerade as a high-ranking individual in the company. They send an email to someone, asking them to wire money or send them sensitive information. Because this person carries a lot of authority within the business, few people will object to the request.
If you received an email from your head of compliance, asking for personal data about your customers, you’d probably give them the information. You might not notice that the email was fake until it was too late because hackers use sophisticated techniques such as URL spoofing and domain similarities, which most office workers are not trained to spot.
When sensitive information gets into the wrong hands, it creates all sorts of problems for the business. Reputational and financial damage is one thing. Running into compliance issues is a whole other ballgame. The European Union’s General Data Protection Regulation, which came into effect in May last year,can impose fines of up to €20 million on companies that fail to protect European citizens’ personal information.
Batten down the hatches
Only 11% of global organisations conduct near-continuous training to help employees spot cyberattacks. Twenty-four percent of respondents have monthly training sessions and 34% have quarterly sessions. But monthly or quarterly training is not enough and the information being shared usually isn’t absorbed properly. This is because training sessions are seen as inconvenient by staff and are often boring. For the best results, businesses should conduct security awareness training continuously. More importantly, training should be engaging and interesting.
Security awareness training is a crucial aspect of a cyber resilience strategy and needs to be entrenched in the culture of an organisation – especially since 23% of global businesses are not confident that their employees can spot and defend against impersonation fraud.
But training alone will not deter cybercriminals from trying to ‘kidnap your king’ – your critical data, systems and, of course, your money. And becauseemail breaches account for 96% of security incidents, addressing this exposure should form the core of your cyber resilience strategy.
If you think your business is protected because you use Microsoft Office 365, I have bad news. In our latest Email Security Risk Assessment (ESRA) report, we found that incumbent email security systems are missing more than 25 percent of emails containing dangerous attachments in comparison to last quarter’s findings. The report also found that 17,403 malware attachments and 42,350 impersonation attacks were missed and delivered to users’ mailboxes.
Traditional, defence-only security approaches that rely on disparate technologies are no longer enough and will leave you chasing your tail. The only way to get ahead of cybercriminals is through cyber resilience for email, which will help you secure, preserve and continue the flow of information via email, even during an attack.
A key component of any cyber resilience strategy is email and data archiving, which allows you to immediately recover all your data in the event of an attack. This ensures your data is always protected and accessible to users. It also prevents a data hostage situation and means you never have to pay a ransom to get your data back.
Having a solid cyber resilience for email strategy prepares you for every stage of attack: it puts the right security in place before an attack happens, provides you with the durability to continue with business as usual during an attack, and helps you recover your data after an attack.
A robust email security inspection system should be able to score emails for potential impersonation attacks and either block, quarantine or flag them as suspicious before they reach the recipient’s inbox.
Essentially, they give you time to move the king to safety before the kidnappers arrive at your door. Who knows what arsenal they’re carrying and if you can fight fire with fire? If you only act after they’ve arrived, it’s probably already too late to save the king.
Discussion about this post