THE NEWS HAS been filled lately with various cyberattacks. One of the most notable was the May 7, 2021 attack on the Colonial pipeline. A hacker group was able to access the company’s database and requested a ransom payment. Colonial Pipeline paid $4.4 million to get access to their data. The company received a decryption tool to unlock the systems that hackers penetrated. The decryption tool provided by the hacker group, DarkSide, was helpful but, it ultimately was not enough to immediately restore the pipeline’s systems. The pipeline was shut down for six days.
While ransomware demands vary, demands in the millions, such as the Colonial Pipeline, are becoming commonplace. The eSentire Ransomware Report states that in 2021, six ransomware groups compromised 292 organizations between January and April. Per Business Insider, the highest- known ransom demand was for $30 million. According to Coveware Inc., a ransomware recovery company, the average ransom payment in the first quarter of 2021 was $220,298.
The FBI recommends that companies that are victims of ransomware attacks should not pay the ransom. Cybersecurity experts advise that there is no guarantee that a hacker will provide a working decryption tool even after being paid. There is also a potential for the company to become a target again. With this in mind, how is a company to protect itself from becoming a victim in the first place? While no defense is foolproof, there are some security measures to consider making it a bit more difficult for hackers.
What Can Companies Do to Mitigate Their Cyber Risk?
There are several steps a company can take that will assist in mitigating potential risks. One of them is to use Multifactor Authentication, also known as MFA, for things such as remote network access, privileged or administrative access, and remote access to email. MFA is a tool that helps fight identity theft or unauthorized access to company systems. Most of us have used MFA regularly without evening knowing what it is called.
MFA is the use of two or more authentication factors. For example, if a user wants to change their password on a social media account, the platform will send a text message or an email to confirm that the request is valid. Once a confirmation is received, via text or email, that the request is approved, the password will be changed. The three factors are shown in the graphic below:
Why Is Having MFA So Important?
According to Microsoft, 99.9% of account compromise attacks can be blocked by MFA. Cybercriminals are becoming smarter every day, and system users can have weak, reused, or improperly managed passwords. Therefore, having MFA can help by providing an additional layer of security to your systems. Not only should you have your employees use MFA, but also have any third-party who accesses your organization’s systems.
Given that the number of cyberattacks has increased, so have the frequency and severity of cyber insurance claims. This has led to insurance companies becoming stricter with their underwriting as well as rising premiums. Some insurers have decided they will not write new business if the applicant has not taken adequate security measures, or they may require coinsurance. MFA is usually one of the necessary security measures.
Security starts with knowing where your network vulnerabilities are. Most insurance providers offer network scans that review your networks to find vulnerable areas that could allow hackers to access or manipulate your data and/or network. If you have not done so already, make sure to discuss your cyber risks and coverages with your insurance provider.