Ransomware remains a top cybersecurity threat for businesses, according to the latest Beazley Breach Briefing, an annual update on cyber trends produced by Beazley.
Ransomware attacks skyrocketed last year, according to the firm. The insurer’s in-house team of cyber breach experts, Beazley Breach Response (BBR) Services, reported the number of ransomware attack notifications against clients shot up 131% from 2018. The sums demanded by cyber criminals also rose exponentially, sometimes reaching seven or eight figures, Beazley said.
The two most common forms of ransomware attack were phishing emails and breaching poorly secured remote desktop protocol (RDP), Beazley said. RDP enables employees to access their work computers or the company’s primary server from home.
“With the convenience of enabling employees to work from home, using RDP can make IT systems more susceptible to attack without the right security measures in place,” said Katherine Keefe, global head of BBR Services. “The coronavirus has forced many more employees to work from home, and in this pressured environment it is very important that companies take the right steps to reduce the vulnerability of their IT infrastructure. Always ensure employees can access their computer using a virtual private network with multi-factor authentication. It is important to whitelist IP addresses that are allowed to connect via RDP, and make sure that unique credentials for remote access are in place - particularly for third parties.”
In 2019 and 2020, BBR Services saw an increase in attacks reported by policyholders whose systems were breached by cyberattacks against their IT managed-service providers. In some cases, the attacks halted the operations of hundreds of customers downstream from the IT provider, Beazley said.
“BBR Services handles thousands of breaches every year, and our data demonstrates how ransomware has developed into a more serious and complex threat over the past four years,” Keefe said. “Early on, ransomware was typically used to encrypt data as leverage for a ransom demand. However, more recently, attackers have been using ransomware variants in tandem with banking Trojans such as Trickbot and Emotet. This two-pronged attack leaves organisations not only with the debilitating impact of its critical systems and data being encrypted, but with the added risk of the data being accessed or stolen.
“Although these attacks can be damaging and complex, some of the most effective preventative measures are relatively simple,” she said. “More than ever, organisations need to ensure their IT security measures are a top priority and up-to-date, that they have access to authoritative, experienced risk management advice, and, importantly, that employees are trained and alert to the potential threats.”