Cybersecurity awareness training is included with the security services that we provide to our clients here at Bellwether. We do this because we understand that cybersecurity isn’t just about technology. It’s about behavior and training people in best practices so they don’t inadvertently let a cyber intruder onto their device and into their employer’s network.
July has become known as Ransomware Month to remind people of the threat that this kind of malicious software poses to companies everywhere. Ransomware is just one kind of malware that pervades the internet. Why focus on this one kind and not the others?
Ransomware is a big problem and incurs big costs to victims. Here are some stats about the global cost of ransomware:
- $10M was the median cost of a ransomware attack in 2022
- Ransomware-related cyber insurance claims rose 77% in Q1 of 2023
- Human behavior was responsible for 74% of attacks in 2022
The way to avoid these costs is to avoid becoming a victim, and that’s where the value of cybersecurity awareness training shines through. Training people to recognize the ways that cyber-criminals try to gain access to computers, and giving them the proper steps to take when they do, significantly lowers the risk that you’ll have a ransomware attack.
What is Ransomware?
Let’s go into more detail about ransomware and how it works to deepen your understanding of this cyber-criminal tactic.
While ransomware prevents you from accessing your data, that isn’t the only threat that an attack presents. Cyber-attackers also use extortion, threatening to expose your data if you don’t meet their demands. That’s why backup copies of your data alone don’t insure you against a ransomware attack.
In fact, cyber-criminals often practice double extortion. That means they demand payment both for the key to decrypt the data that’s being held hostage and for the promise not to expose it. 80% of all ransomware attacks involve double extortion or even quadruple extortion!
Would you trust a cyber-criminal’s promise that they would NOT expose your data even if you paid? That’s yet another reason why you’d want to avoid becoming a victim.
How Does Ransomware Work?
There are three main ways for ransomware to enter an IT system:
- Social engineering and phishing
- Unpatched vulnerabilities
- Weak passwords and poor identity management
Your IT department can take care of patching software, and they can institute policies and technical measures to protect online accounts. But they can’t prevent your people from succumbing to social engineering attempts. That’s where cybersecurity awareness training comes in.
Without training, it’s more likely that a person won’t recognize a phishing email and will click on a link that downloads ransomware. Once it runs, the software sends a message back to its controllers. At this point, the controllers can send the ransomware instructions on what to do next.
What happens after that varies: the ransomware may immediately encrypt data and lock accounts, or it may spend some time snooping around to gather information that allows the intruders to carry out a more targeted attack. How long the program can remain undetected is determined by the kind of security software that is in use. For example, having Managed Detection and Response (MDR) will greatly reduce the chance that an intruder can get beyond the device that was first compromised.
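The check-in with its controllers described above is the moment a defender gets to see ransomware before it acts, and it is usually periodic, which makes it stand out from ordinary browsing. The following is an added example, not Bellwether’s tooling or code from the original article: it reads a constructed outbound-connection log (host names, IP addresses and timestamps are all made up), flags host/destination pairs that connect at near-regular intervals, and reports how long the beacon ran before the detection threshold was reached, which is the "time undetected" the article refers to.

```python
"""Flag command-and-control style beaconing in an outbound connection log.

Added example for this article (not Bellwether's software). Log format and
all sample values are constructed: "timestamp src dst bytes" per line.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: WS-042 talks to 203.0.113.7 about once a minute
# with small, same-sized requests (beacon-like), plus some normal traffic.
SAMPLE_LOG = """\
2023-07-10T09:00:00 WS-042 203.0.113.7:443 412
2023-07-10T09:00:05 WS-042 198.51.100.20:443 8190
2023-07-10T09:01:00 WS-042 203.0.113.7:443 410
2023-07-10T09:02:01 WS-042 203.0.113.7:443 415
2023-07-10T09:02:30 WS-042 198.51.100.21:443 21044
2023-07-10T09:03:00 WS-042 203.0.113.7:443 409
2023-07-10T09:03:59 WS-042 203.0.113.7:443 414
2023-07-10T09:05:00 WS-042 203.0.113.7:443 411
2023-07-10T09:07:45 WS-042 198.51.100.20:443 5120
2023-07-10T09:19:02 WS-042 198.51.100.22:443 30211
"""


def parse(log_text):
    """Group connection timestamps by (source host, destination)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _bytes = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    for times in events.values():
        times.sort()
    return events


def find_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Return pairs whose gaps between connections are nearly constant.

    jitter is the coefficient of variation (std dev / mean) of the gaps;
    human-driven traffic is bursty and scores high, a timer-driven
    check-in scores close to zero.
    """
    flagged = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            flagged.append({"src": src, "dst": dst, "hits": len(times),
                            "period_s": period, "jitter": jitter})
    return flagged


def seconds_until_flagged(log_text, src, dst, min_hits=4):
    """Seconds from the first check-in until min_hits were observed,
    i.e. how long this beacon ran before the rule could fire."""
    times = parse(log_text).get((src, dst), [])
    if len(times) < min_hits:
        return None
    return (times[min_hits - 1] - times[0]).total_seconds()


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        dwell = seconds_until_flagged(SAMPLE_LOG, hit["src"], hit["dst"])
        print(f"{hit['src']} -> {hit['dst']}: {hit['hits']} hits, "
              f"period {hit['period_s']:.0f}s, jitter {hit['jitter']:.3f}, "
              f"flagged after {dwell:.0f}s")
```

Lowering `min_hits` shortens the time a beacon runs before it is flagged but raises the chance of false positives from legitimate polling (update checks, mail clients), which is exactly the tuning trade-off an MDR service manages on your behalf.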
Incident Response Plan for Ransomware
Ransomware should be a scenario that you include in your cybersecurity incident response plan. Your plan should include activities like:
- Shut down or disconnect affected devices.
- Determine the extent of the breach.
- Communicate with internal and external audiences.
- Decide on how to respond to cyber-criminals.
- Recover and restore IT systems.
Part of your incident response is going to be to decide if you’re going to pay the ransom or not. It might seem like paying is the only option if you want to avoid double extortion, but in some cases it may be against the law to pay the ransom.
Getting good advice is essential to knowing the right steps to take. If you have cyber insurance, your carrier may provide access to experts who can guide you through those steps and assist you in communicating with the cyber-attacker.
Defend Against Ransomware with Layered Strategy
Clearly, it’s a better experience for everyone if you can avoid a ransomware attack, and cybersecurity awareness training is an essential layer in a cybersecurity strategy. As mentioned earlier in this article, the costs of an attack are high. What’s more, some companies never completely recover from the damage to their reputation.
Here at Bellwether, we partner with clients to create a cybersecurity strategy that helps them face the risks that threaten their businesses every day. The result is that executives are confident that they’re doing everything they can to avoid becoming a victim of cyber-crime. If you don’t have that confidence, we should talk.