How attractive is your organisation to a ransomware actor?
Many people falsely believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in any way, at work or at home – you have value to the bad guys.
In fact, according to NCSC, an average breach costs £600k-£1.15m. Turns out being a ‘cybercriminal’ is a very lucrative ‘job’. With as many as 58 percent of victims, from every industry, paying the ransom, we are all ultimately at risk. In the last three months alone, ransomware attacks in the UK have increased by 80%, as hackers continue to take advantage of mass remote working. What makes the situation worse is that cybercriminals are not only using more sophisticated methods of attack but have also become much better at targeting their victims based on a set of criteria. Cybercrime is all about the money!
Making money from cyber crime
Hackers look for an easy target, some using a scattergun approach, prodding and probing systems to establish what is out there and how to progress with a successful attack. Some actors will then sell this information on to others, take their money and run.
Other actors will then move on to a more targeted approach using malware and attack kits to exploit a gap to gain a foothold in the organisation. The objective is simple: get inside the organisation, spread as much as possible to improve the chances of success and then exploit your findings. Cyber criminals can encrypt your data and put your information in the public realm. Then they will likely tell you and your customers or clients that you have been hacked to make you more likely to pay the ransom. Of course, there is no guarantee they will decrypt the data…
Are you a high value target? Welcome to the mind of a cyber criminal…
Blowing your (insurance) cover
Nowadays, cybercriminals factor the expected value proposition into their selection strategy. This means they are targeting businesses that are most likely to pay out the ransom. If your organisation is based in Europe, you immediately fall into that category. This is because European businesses often take out insurance against ransomware attacks and therefore have funds available to pay out and mitigate the damage. These companies are also generally more concerned about privacy and compliance issues. In light of the General Data Protection Regulation (EU GDPR), companies are expected to perform due diligence on protecting data and the people who have access to it. Failure to do so results in fines standing at 2% of company turnover. The reputational damage alone can spell disaster for an organisation, and the impact goes far beyond the initial outlay of a ransom demand.
Pay now or else…
Business operations keep the company running and earning money. Therefore, disrupting these processes is, unfortunately, a great subject for blackmail. Ransomware actors are most likely to target industries with services that can’t suffer prolonged downtime. This includes, for example, healthcare, law enforcement, local government, or utilities, where downtime can have a catastrophic impact not only on the company but also potentially on millions of people.
Fast and easy payments
Even if you don’t match the above criteria, you are still in the crosshairs. Cybercriminals are not patient and don’t like to work hard for their ill-gotten gains. They will prioritise companies that can pay the ransom quickly. Therefore, they will look for businesses that are cash rich and have fewer legal hurdles to go through in the event of an attack. This includes most privately held companies.
Also, if you have already had a breach, you are in danger of being attacked again, as anniversary attacks are more common than you would imagine. Finally, ransomware actors consider the ease of entry and whether they can target the industry in bulk, like they did with the “WannaCry” ransomware attack on the NHS in 2017.
I am a ‘high value’ target, what should I do?
Although we are all subject to cyberattacks, if you and your organisation meet all or some of these criteria, you are at the top of the cybercriminals’ list and they will focus all their efforts on extorting money from your organisation.
The best thing you can do to protect your organisation is to create a solid cybersecurity strategy:
Learn more about cyber threats – the common tricks and techniques that are used against us, and educate your colleagues on how to be safe in every aspect of their digital interaction.
Baseline your organisation – Understand the strengths and weaknesses of your organisational security: on premises, in the cloud and, now more than ever, at home. Know your vulnerabilities, as the bad actors will certainly exploit them, and most importantly have a strategy to protect and secure your organisation.
Know your risks and plan to mitigate them with our Cyber risk assessment.
Test, test and test again – In a connected world, more than ever, one change in an organisation’s IT infrastructure can completely change the security posture.
Take threat intelligence to feed your defence infrastructure, helping to protect you from known threats and published vulnerabilities.
Invest in Permanent Managed Threat Protection to keep you secure now and into the future.
Add Dark Web monitoring to provide visibility into the ‘low hanging fruit’ bad actors will use against you.
Formulate a cyberattack response plan to get things under control as quickly as possible.
The cyber-security threats to your business are changing and evolving at breakneck speed. Finding the time, expertise and resource to respond to these threats can feel like a gargantuan task.
But don’t worry, by using the intelligence gathered from your network infrastructure coupled with expert knowledge of our security team, we’re here to help keep your business safe.