May 3, 2017

Now that we’re firmly in the second quarter of the year, it’s clear that ransomware attackers have intensified their assault on organizations. New customers have been telling us about their own past attacks, the ransoms they’ve paid and the data they’ve lost, and asking how they can deal with the next ransomware disaster in a smarter and more cost-effective way. We’ve noticed that many of them are in financial services and healthcare, which seem to be favored targets for attack.

So we were interested to read some findings from Beazley Breach Response, an insurer that helps clients handle data breaches. They shared their observations on the rise of ransomware; specifically, they saw incidents double between 2014 and 2015 – and then quadruple in 2016.

Based on their data this year, Beazley projects these attacks will double again in 2017.

If those numbers terrify you, you’re not alone. Especially in financial services, where a variety of users – brokers, customers, loan officers, bank tellers and more – depend on a ceaseless flow of transactions. But there are measures every team can take that can eliminate the need to pay the ransom.

Let’s look at why ransomware has become so effective. One reason is, according to Beazley,

“Evolving ransomware variants enable hackers to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the more valuable files unencrypted.” As with any successful market, more people have gotten in on the act: “The proliferation of hackers has made formerly minor mistakes much more dangerous.”

Here are the specific types of financial institution data breaches they saw in 2016:

• Hacks and malware: 40% - up from 27% in 2015
• Unintended disclosure, such as misdirected emails: 28% - up from 24% in 2015

Those were the top two types. Inside malfeasance accounted for 7% and payment card fraud for 4%, with physical loss and portable devices tied at 6%. Another 9% fell into the other/unknown category.

With 40% of incidents coming from targeted attacks, it’s clear organizations need to strengthen their security posture to fortify against future ransomware attacks. The below tactics will serve your organization in different ways, from protecting your perimeter to making your team more efficient to recovering faster from an attack.

• Employee education and training. Social engineering and phishing scams may seem obvious to security practitioners, but it only takes one untrained employee to fall for one. Training staff on common threats and cybersecurity hygiene can go far in stopping a ransomware or other attack.
• Prevention and detection tools. Strengthening the perimeter with authentication controls, threat intelligence services and other tools are a must for blocking criminals or discovering attacks before they do significant damage.
• Risk assessments. Designing a cost-effective security program depends on understanding where your valuable and sensitive data is and the most likely incidents that could threaten it.
• Strong backup and disaster recovery. Speed is the make-or-break factor in a ransomware attack. If you can quickly failover to an accurate and high-performing backup, you’re home free. If not… get ready to shell out some bitcoin. A powerful BDR solution is your ticket out of a ransomware attack.
• An incident response plan. Anxiety is natural when a ransomware screen rises up, informing you that your data is held hostage. But with clear and documented plan, your team can keep chaos to a minimum and respond effectively.

It’s clear that ransomware incidents will continue to escalate, especially for financial services and other fields where accessible data is critical. Only fortifying measures are effective at dealing with an attack if and when one comes. Beazley also offered up some statistics on the attacks in the healthcare field; we’ll take a look at those next week.