By now most of you may have heard about the ransomware attack suffered by smartwatch and wearable tech maker Garmin, courtesy of the WastedLocker virus.
Garmin is reported to have paid a ransom of millions of dollars, and services like Garmin Connect and Strava are beginning to return to normal.
What does this have to do with my business?
If a tech giant with the resources and infrastructure of Garmin can so easily succumb to an anonymous cyber attack, how much more easily could it happen to you?
Why would hackers target my business when they can go after bigger fish?
Although the average size of a ransomware victim is 645 employees, the 2019 Beazley Breach Briefing found that small-to-medium-sized businesses are actually at the greatest risk because they generally spend less on data security.
In fact, the 2020 Verizon Data Breach Investigations Report shows that 28% of breaches involved small business victims.
This is corroborated by Datto, which reports that 1 in 5 SMBs say they have been hit by a ransomware attack, with businesses that do not outsource their IT being at greater risk.
Learn how Net Defence IT Managed Service can help your business function securely and efficiently.
The average cost of a Ransomware attack is £65,000
What’s the big deal?
According to Coveware, the average cost of a ransomware attack is approximately £65,000.
This number is skewed by high-profile cases and is probably closer to £10,000 for small businesses; however, there is a far more significant cost that you may not have considered – downtime.
The Covid-19 lockdown has been a major test of business resilience and has demonstrated just how quickly small businesses can fail if they are unable to operate.
Datto reports that downtime costs resulting from ransomware attacks are up 200%, and downtime can cost as much as 23 times more than the ransom itself.
What would a week of downtime cost your business? What about two weeks? What about a month?
What should I be on the lookout for?
The Beazley report shows that business email compromises (BEC) or ‘phishing’ emails accounted for 24% of the overall number of incidents.
Phishing emails are a form of social engineering attack in which hackers obtain an employee’s email credentials or imitate an email address in order to trick others into transferring sensitive data or even funds.
Other leading causes of ransomware attacks include:
- Lack of cybersecurity training
- Weak or predictable passwords
- Poor user practices
- Malicious websites and ads
Uncover your business’s internal vulnerabilities with Net Defence Security Testing.
How would your business recover if it was hit with a cyber attack today?
Although it remains to be seen exactly why Garmin decided to pay off their ransomware attackers, one would have expected them to have a backup strategy in place.
Daily backups of their systems and data could certainly have prevented them from having to fork out millions of dollars.
A defined Business Continuity Plan (BCP) is essential for minimising your business’s downtime and ensuring that you are up and running again as soon as possible following a cyber incident.
The details of a BCP can vary greatly from business to business, but fundamentally it will involve having a copy of your critical systems and data backed up to an external source, usually in a datacentre away from your business premises.
This means that if your business falls victim to a cyber attack, you can simply restore your systems and data from the most recent backup version rather than being held ransom by hackers for fear of losing critical records.
Learn more about how Net Defence Backup & Restore can help protect your business.
Quick Tips to Protect Your Business
The National Cyber Security Centre offers some basic advice that you can put into action immediately:
- Use a firewall to secure your internet connection
- Choose the most secure settings for your devices and software
- Control who has access to your data and services
- Protect yourself from viruses and other malware
- Keep your devices and software up to date
Gain access to Cyber Liability Insurance by completing the government-backed Cyber Essentials accreditation with Net Defence.
Beazley goes even further, offering more practical tips to minimise your risk:
- Implement multi-factor authentication for remote access
- Provide regular anti-fraud training for employees
- Set up pre-determined codes to confirm requests for employees authorised to request fund transfers
- Limit the number of employees who can authorise transfers
- Apply the following checks if a vendor requests changes to its account details:
  - confirm all requests by a direct call
  - use pre-agreed phone numbers
  - review all requests by a next-level approver before making any changes
  - check that the address or bank account are the same as for previous payments
(Source: Beazley Breach Briefing – 2019)
Cyber incidents are a growing threat to businesses of all sizes, but taking the necessary precautions can help to keep your business secure and prosperous for the long haul.
If you’re unsure where to start or the appropriate level of action for your business, contact us and we’ll be more than happy to answer any questions you have.