It was a typical Tuesday morning at a 250-employee non-profit organization. The business, like many others, relied heavily on computer systems in almost everything they did, so they had taken some basic precautions against cyber crime. But instead of just fighting through junk emails and phishing schemes and closing out a normal work day, one of their administrator’s workstations was hit with ransomware, and because this particular workstation had drives mapped to all of their servers, all seven were affected. It was a cyber stickup. And all of their data was being held…for a ransom.
The cyber attack took just 55 minutes to encrypt 75 gigabytes of information. The virus had penetrated most of their network before anyone even noticed what was happening. The organization had backups of their servers, but they knew that it would take days to restore them. So they opted to find out if they could decrypt their files first.
With bitcoins ready in a cyber wallet, the non-profit group was able to pay the $500 ransom within a few hours. The criminals were pretty quick, too, and they issued a decryption key soon after. The team immediately started the long ordeal of rescuing all of their files. Eighteen hours later, after pulling a nail-biting all-nighter, they got through all of the data, with only one of their older databases corrupted during the process.
This particular cyber-crime victim was lucky. Ransomware hitting a key employee like an administrator (or perhaps a CEO, controller, or CFO with a lot of access) can cause immense—and often irreversible—damage. And some businesses, even if they do pay the ransom, never get their hijacked data back. This group definitely dodged a bullet. This group also learned a lesson: Their cyber-risk plan needed a major upgrade.
The Growth Of Cyber Crime
Cyber security and losses from cyber crimes are a growing concern among businesses today. In fact, cyber risk moved up the top-10 global business risks in 2015, according to the fourth annual Allianz Risk Barometer Survey, climbing up to rank number 4 from number 8 in the previous year’s survey. In addition, cyber criminals are more sophisticated than ever as the cost of equipment has fallen, allowing new generations to develop elaborate attacks that evade even the most cutting-edge security systems. And because businesses are becoming more and more technology-dependent and interconnected, this only adds to the increased cyber-crime threat.
Undoubtedly, businesses across a wide range of industries are exposed to potentially devastating losses and costs as a result of cyber attacks and data breaches. Victims of recent attacks include well-known giants like Adobe, eBay, JPMorgan Chase, Living Social, Neiman Marcus, and Target. But the threat to small businesses is growing, as well. In fact, 60 percent of all online attacks in 2014 targeted small and midsize businesses…just like the non-profit organization in the aforementioned story.
Despite the statistics, however, many businesses think they’re invulnerable. Some even believe their company would be too small or too “boring” for hackers. That line of thinking is a mistake, states Vikram Thakur, principal security response manager for Symantec, a global leader in cyber security. “Small businesses retain very valuable information for hackers, like customers’ credit card numbers, intellectual property, and money in the bank,” he says. “Small companies are lucrative victims, too. That’s making the target on their back even bigger.”
The Significance Of A Cyber-Risk Plan
Considering that Symantec reports over 1 million victims of cyber crimes daily, businesses of all kinds and all sizes simply can’t afford to remain complacent or ignorant about the risk of becoming a target. And given the increase in such attacks, being unprepared is like playing security roulette, mentions Robert Siciliano, chief executive of IdTheftSecurity.com. “If you’re not deploying some level of security, you’ll go under,” he adds. “You have to make time for quality control. The worst thing you can do is nothing.”
If your business is ready to do something about cyber risk, be sure to join our complimentary, one-hour webinar on Wednesday, February 17, from 10-11 AM, CST. S.S. Nesbitt has the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks.
You’ll hear from panelist Robert Dowling, product manager for Cyber Risk Management Solutions at Dynetics, Inc. in Huntsville, Alabama, and Hank Stickley, RPLU, vice president for Socius Insurance Services, Inc. in Birmingham, Alabama.
As part of our Nesbitt Educational Discussion (NED) programming, our expert panel will explore the ins and outs of cyber risk and what your business needs to know going into 2016. You’ll gain valuable knowledge regarding:
- What cyber risk is and how it impacts businesses of every size;
- The nuances of cyber risk that may be causing hidden exposures for your business; and
- What measures are available to you now to help identify, transfer and mitigate your risks.
Register now via this link!
_________________________________________________________________________
