Posted on Aug 12, 2022
Ransomware attacks are hitting small businesses. These are experts' top defense tips
395
5
1
3
3
0
https://www.npr.org/2022/08/12/ [login to see] /what-experts-think-companies-should-do-when-ransomware-strikes
Over recent years, cybercriminals have targeted governments and small businesses alike in massive digital heists — making hundreds of millions of dollars in 2021 alone in exchange for unlocking victims' systems. As the attacks got more high profile, peaking after Colonial Pipeline's shutdown last spring led to fuel shortages across the East Coast, the need for solutions became more desperate.
In 2021, U.S. government officials, academics, and members of think-tanks and the private sector formed the Ransomware Task Force. Its latest report was published in early August with the help of the Center for Internet Security. The report is designed to give small and medium sized businesses a checklist of step to prepare for, defend against, and recover from ransomware attacks, using data about attacks and what strategies have worked in the past.
Over recent years, cybercriminals have targeted governments and small businesses alike in massive digital heists — making hundreds of millions of dollars in 2021 alone in exchange for unlocking victims' systems. As the attacks got more high profile, peaking after Colonial Pipeline's shutdown last spring led to fuel shortages across the East Coast, the need for solutions became more desperate.
In 2021, U.S. government officials, academics, and members of think-tanks and the private sector formed the Ransomware Task Force. Its latest report was published in early August with the help of the Center for Internet Security. The report is designed to give small and medium sized businesses a checklist of step to prepare for, defend against, and recover from ransomware attacks, using data about attacks and what strategies have worked in the past.
Ransomware attacks are hitting small businesses. These are experts' top defense tips
Posted from npr.org
Posted >1 y ago
Responses: 1
Posted >1 y ago
PO1 William "Chip" Nagel
..."The money
One of the biggest quandaries for companies hit by ransomware is whether to pay to unlock their files, action that the FBI discourages but is sometimes difficult to avoid when critical functions are disrupted by the attack.
But there's also a cost to lost business, reconstituting systems, hiring incident response experts, and repairing damages. Cyber insurance policies can be helpful to offset those costs.
However, sometimes companies struggle with understanding or feeling fully protected by those policies. According to a recent study from Blackberry and Corvus Insurance, a high percentage of companies said they would hesitate to get into business with organizations that aren't covered by cyber insurance, recognizing its importance. However, just 14 percent of small and medium-size businesses have policies that cover over $600,000, restrictions that led more than half of respondents to say they hoped for more financial assistance from the government, particularly when attacked by a nation state. Many companies said there's a lack of transparency from some firms about what is actually covered by their policies, which are constantly getting more expensive.
Davis Hake, the co-founder of Resilience Insurance and one of the co-authors of the blueprint, told NPR that a more symbiotic relationship between the insurance industry and small and medium-size businesses could be beneficial.
If insurance companies require their policy holders to implement the action items in the blueprint, or offer to help them put those things in place, he said, it will help increase resilience and, hopefully, limit costly payouts.
"We're very good at pricing the risk and using that data to understand that as an industry," Hake said in an interview. "But what I really think is the industry needs to move from not just pricing the risk, but also learning how do we protect our risks."
..."The money
One of the biggest quandaries for companies hit by ransomware is whether to pay to unlock their files, action that the FBI discourages but is sometimes difficult to avoid when critical functions are disrupted by the attack.
But there's also a cost to lost business, reconstituting systems, hiring incident response experts, and repairing damages. Cyber insurance policies can be helpful to offset those costs.
However, sometimes companies struggle with understanding or feeling fully protected by those policies. According to a recent study from Blackberry and Corvus Insurance, a high percentage of companies said they would hesitate to get into business with organizations that aren't covered by cyber insurance, recognizing its importance. However, just 14 percent of small and medium-size businesses have policies that cover over $600,000, restrictions that led more than half of respondents to say they hoped for more financial assistance from the government, particularly when attacked by a nation state. Many companies said there's a lack of transparency from some firms about what is actually covered by their policies, which are constantly getting more expensive.
Davis Hake, the co-founder of Resilience Insurance and one of the co-authors of the blueprint, told NPR that a more symbiotic relationship between the insurance industry and small and medium-size businesses could be beneficial.
If insurance companies require their policy holders to implement the action items in the blueprint, or offer to help them put those things in place, he said, it will help increase resilience and, hopefully, limit costly payouts.
"We're very good at pricing the risk and using that data to understand that as an industry," Hake said in an interview. "But what I really think is the industry needs to move from not just pricing the risk, but also learning how do we protect our risks."
(2)
Comment
(0)
Read This Next