Question: Does your business have over $1m stashed away to recover from a ransomware attack? Unless you have a solid cyber resilience strategy in place, I hope you answered ‘yes’. If not, you might want to consider one – a cyber resilience strategy, that is, not a ‘rainy day fund’.
Ransomware attacks are increasing both in frequency and cost to businesses. They are expected to impact one business every 14 seconds by the end of 2019, up from every 40 seconds this year. This makes it hard to know how much an attack will cost businesses in downtime, lost revenue and ransom. But, $1m is the average for Middle East organisations.
Globally, damages from ransomware attacks are expected to reach $11.5bn in 2019. That’s up from $5bn in 2017 and $325m in 2015. These are massive increases every two years – and the trend is likely to continue. My point is that $1m might be a conservative estimate in a few months’ time. Plus, the golden rule of cybersecurity is not to wonder if, but when you will be attacked. Honestly, assume you’re already a target.
In the case of a ransomware attack, your organisation needs to be able to recover quickly so employees can carry on with their day as ‘business as usual’. This will help avoid losing valuable productivity, revenue, brand reputation – and, potentially, customers. And the best way to do that is by having a comprehensive cyber resilience for email plan in place.
A 2018 study by Vanson Bourne and Mimecast found that 52 percent of organisations had seen an increase in ransomware over the previous year. And, the longer an attack goes undetected, the bigger the financial and reputational damage, and the harder it is to recover. An alarming 71 percent of organisations that experienced a ransomware attack over the past year reported that downtime lasted for one day or longer, with three days of downtime being the average. Could your business survive if it came to a screaming halt for that long?
Ransomware is just one type of attack that businesses should be concerned about. Another way cyber criminals can access valuable information or money is through impersonation fraud. So, not only do criminals kidnap your ‘king’ and demand money for his safe return; they sometimes also pretend to be your ‘king’ – and it’s hard to spot the imposter.
Impersonation fraud is one of the most common attack vectors used by cybercriminals to gain access to company information, with global businesses seeing a 40 percent increase in this type of fraud. Typically, hackers masquerade as a high-ranking individual in the company. They send an email to someone, asking them to wire money or send them sensitive information. Because this person carries a lot of authority within the business, few people will object to the request.
If you received an email from your head of compliance asking for personal data about your customers, you’d probably give them the information. You might not notice that the email was fake until it was too late because hackers use sophisticated techniques such as URL spoofing and domain similarities, which most office workers are not trained to spot.
When sensitive information gets into the wrong hands, it creates all sorts of problems for the business. Reputational and financial damage is one thing. Running into compliance issues is a whole other ballgame. The European Union’s General Data Protection Regulation, which came into effect in May last year, can impose fines of up to €20m ($22.7m) on companies that fail to protect European citizens’ personal information.
Only 11 percent of global organisations conduct near-continuous training to help employees spot cyberattacks. Twenty-four percent of respondents have monthly training sessions and 34 percent have quarterly sessions. But monthly or quarterly training is not enough and the information being shared usually isn’t absorbed properly. This is because training sessions are seen as inconvenient by staff and are often boring. For the best results, businesses should conduct security awareness training continuously. More importantly, training should be engaging and interesting.
Security awareness training is a crucial aspect of a cyber resilience strategy and needs to be entrenched in the culture of an organisation – especially since 23 percent of global businesses are not confident that their employees can spot and defend against impersonation fraud.
But training alone will not deter cybercriminals from trying to ‘kidnap your king’ – your critical data, systems and, of course, your money. And because email breaches account for 96 percent of security incidents, addressing this exposure should form the core of your cyber resilience strategy.
If you think your business is protected because you use Microsoft Office 365, I have bad news. In our latest Email Security Risk Assessment (ESRA) report, we found that incumbent email security systems are missing more than 25 percent of emails containing dangerous attachments in comparison to last quarter’s findings. The report also found that 17,403 malware attachments and 42,350 impersonation attacks were missed and delivered to users’ mailboxes.
Traditional, defence-only security approaches that rely on disparate technologies are no longer enough and will leave you chasing your tail. The only way to get ahead of cybercriminals is through cyber resilience for email, which will help you secure, preserve and continue the flow of information via email, even during an attack.
A key component of any cyber resilience strategy is email and data archiving, which allows you to immediately recover all your data in the event of an attack. This ensures your data is always protected and accessible to users. It also prevents a data hostage situation and means you never have to pay a ransom to get your data back.
Having a solid cyber resilience for email strategy prepares you for every stage of attack: it puts the right security in place before an attack happens, provides you with the durability to continue with business as usual during an attack, and helps you recover your data after an attack.
A robust email security inspection system should be able to scour emails for potential impersonation attacks and either block, quarantine or flag them as suspicious before they reach the recipient’s inbox.
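As an added illustration (not part of the article, and not Mimecast's product code), here is a minimal version of two checks such an inspection layer performs: matching the sender's display name against a list of protected senior staff, and measuring how closely the sender's domain resembles the corporate domain after folding common look-alike substitutions. The corporate domain, the protected names and the sample messages are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the protected organisation's domain and the
# display names of senior staff whose identity attackers would try to borrow.
CORPORATE_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe"}
# Fold common digit-for-letter swaps and 'rn' -> 'm' before comparing domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(domain):
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance; a small value between two domains means 'lookalike'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw_message):
    """Return 'block', 'quarantine', 'flag' or 'deliver' for one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    name_match = name.strip().lower() in PROTECTED_NAMES
    internal = domain == CORPORATE_DOMAIN
    lookalike = not internal and edit_distance(normalise(domain), CORPORATE_DOMAIN) <= 2
    if name_match and lookalike:
        return "block"        # executive's name on a domain crafted to resemble ours
    if name_match and not internal:
        return "quarantine"   # executive's name from an unrelated external address
    if lookalike:
        return "flag"         # lookalike domain, no protected name: let a human decide
    return "deliver"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "exec_lookalike": "From: Jane Doe <jane.doe@exarnple.com>\nSubject: Payment approval\n\nbody\n",
    "exec_external": "From: Jane Doe <jdoe@webmail.test>\nSubject: Quick favour\n\nbody\n",
    "lookalike_only": "From: IT Helpdesk <helpdesk@examp1e.com>\nSubject: Password reset\n\nbody\n",
    "legitimate": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15s} -> {classify(raw)}")
```

Display-name and domain heuristics alone do not catch a forged From header on the genuine domain; in practice they sit alongside SPF, DKIM and DMARC checks.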
Essentially, they give you time to move the ‘king’ to safety before the kidnappers arrive at your door. If you only act after they’ve arrived, it’s probably already too late to save the ‘king’.