The ability to adapt — with technology-enabled human interfaces and workflows — has become an important aspect of maintaining and growing business as we define our “new normal”. In addition to disrupting businesses and peoples lives, #Covid19 is responsible for creating havoc with maintaining the security of our devices and the systems they connect to. There has been a surge in phishing attacks on remote workers this year. Email attacks are getting more sophisticated, impersonating your colleagues and trusted contacts. Email is the connective tissue that keeps a business running. It also presents cyber-criminals with the ultimate gateway into an organization. Email threats cost an estimated $1.77 billion in losses last year.
This year, attackers have doubled down on social engineering (i.e. phishing) to exploit the disruption caused by the #Covid19 pandemic and take advantage the subsequent spike in the use of online services. In April, for example, one survey found a 667% increase in malicious phishing emails during the pandemic, sent by scammers impersonating the UK government, the WHO, and the Centre for Disease Control and Prevention.
Global insurance broker giant Arthur J. Gallagher suffered a ransomware attack last Saturday. The ransomware attack is the latest in a long line of cyberattacks against financial institutions (FIs), which highlights the burgeoning threat they face amid lockdown restrictions. Large FIs' sizable total assets and vast amounts of customer data make them attractive targets—and as a result, malware attacks against FIs amounted to 25% of total global incidents in 2019, a higher proportion than any other industry.
What's more, the cyber threat has heightened during the pandemic, with online activity surging. Employees are working remotely and customers are migrating to digital channels to use FIs' services. Attacks on US Banks have spiked 238% during #Covid19 crisis. Underscoring the severity of the risk, the US Security and Exchange Commission issued a warning to US FIs in July regarding the heightened threat of ransomware attacks.
This month is Cybersecurity Awareness Month and continues to play a critical role in raising awareness to the online threats faced by small businesses and individuals alike. #ThinkB4UClick is this year's theme. To better combat this proliferating threat, small businesses should partner with cyberspecialist firms to deploy their digitally enhanced cybersecurity solutions. Partnering with cyberspecialists instead of building solutions in-house presents the opportunity to quickly roll out solutions to meet an immediate need.
Recognizing that there is no such thing as a “one-size fits all” approach, and that not all of these practices may be appropriate for every organization, we are also providing the following six observations to assist business owners in their consideration of how to enhance cybersecurity preparedness and operational resiliency to address ransomware attacks.
1. Incident response and resiliency policies, procedures and plans
Assessing, testing, and periodically updating incident response and resiliency policies and procedures, such as contingency and disaster recovery plans.
Response plans for various scenarios, including, among others, ransomware and other denial of service attacks.
Procedures for the timely notification and response if an event occurs, a process to escalate incidents to appropriate levels of management (including legal and compliance functions), and communication with the registrant’s key stakeholders.
2. Operational resiliency
Determining which systems and processes are capable of being restored during a disruption so that business services can continue to be delivered.
Focusing on a capability to continue to operate critical applications in the event that the primary system is unavailable.
3. Awareness and training programs
Providing specific cybersecurity and resiliency training, and considering undertaking phishing exercises to help employees identify phishing emails.
Training provides employees with information concerning cyber risks and responsibilities and heightens awareness of cyber threats such as ransomware.
4. Vulnerability scanning and patch management
Implementing proactive vulnerability and patch management programs that take into consideration current risks to the technology environment, and that are conducted frequently and consistently across the technology environment.
Ensuring anti-virus and anti-malware solutions are set to update automatically and that regular scans are conducted, and considering upgrading anti-malware capability to include advanced endpoint detection and response capabilities.
5. Access management
Configuring access controls so users operate with only those privileges necessary to accomplish their tasks (i.e., least privilege access).
6. Perimeter security
Implementing perimeter security capabilities that are able to control, monitor, and inspect all incoming and outgoing network traffic to prevent unauthorized or harmful traffic.
Related Articles: