Ransomware attacks are described as a modern-day epidemic, with a business expected to fall victim to the fastest-growing type of cybercrime every 14 seconds, according to a 2019 Cybersecurity Ventures report.
In short, ransomware is malicious software, or malware, spread through email or infected websites, that allows criminals to steal data and lock victims out of their computers and networks until a ransom is paid to the hackers.
For finance departments, a ransomware attack can mean the loss of sensitive data, customer confidence, and valuable work time.
Organizations and companies have lost billions in working hours and, in some cases, are paying ransoms — all told, $11.5 billion in losses were predicted worldwide in 2019, a number expected to rise to $20 billion in 2021, according to estimates from Cybersecurity Ventures.
The good news: a 2018 Internet Society’s Online Trust Alliance report states that 95% of data breaches in 2018, including those waged through ransomware attacks, were preventable.
“Prevention is better than cure,” said Alyn Hockey, vice president of product management for the U.K.-based cybersecurity firm Clearswift. “You can deploy technology and do training in your time, rather than when it’s too late.”
Experts offer the following steps for finance and accounting professionals for protecting data from ransomware.
Learn to spot a phishing email
Phishing is a fraudulent email designed to look like a message from a legitimate source that contains an infected attachment. For example, an email that looks like an invoice from Amazon may actually be from a criminal. Messages that have a link or attachment that downloads malware can infect systems companywide. According to Verizon’s 2019 Data Breach Investigations Report, 32% of breaches involved phishing.
Businesses can also be the target of spear-phishing, when the perpetrator employs personal information to single out individuals and make attacks more specific and personal. All employees, especially those with access to sensitive financial data, should know how to spot a phishing or spear-phishing email.
“Because ransomware is spread most often through phishing attacks, the best defense against ransomware is to be very careful with any email that you weren't expecting that contains attachments or links,” said Stu Sjouwerman, cybersecurity firm KnowBe4’s founder and CEO, in an email. “Always hover your mouse over links to ensure that the link is taking you to the intended website.”
Training is key, according to Sneha Kokil, a software security consultant at Synopsys, a global technology firm focused on bringing advanced technologies to businesses.
“Training employees on common attack vectors and signs of ransomware attack is a strong strategy for preventing successful attacks in the future,” she said. “Educate employees so that they’re able to identify malicious emails and know to avoid clicking links and attachments in such emails.”
Plan for the worst
Organizations should have a plan in place if the worst happens. Sam Curry, chief security officer of Cybereason, said resilience to attack is vital. Systems should be backed up, and a plan should be in place so business can continue. “If you’re hit, how do you maintain service and recover a known good state with as little lost productivity and service as possible?” said Curry.
Companies should be prepared on several fronts, including detecting a ransomware attack and ensuring data systems are backed up and available if primary systems are compromised. “It’s backup, it’s redundancy, and it’s recovery,” he said.
Test the plan
It isn’t enough to create a plan for the worst when it comes to a ransomware attack and file it away for the future. In the same way that a company conducts fire drills to test systems and an action plan, organizations should test their plan for a data breach often, learning each time what went well and what needs improvement.
“You don’t want to find out your backup tool doesn’t actually work when you need it to,” Hockey said. “If staff are familiar with having to perform a ‘fire drill’ like this, if the disaster actually does strike, there would be less panic amongst the teams having to recover the data.”
Communicate — fast and accurately
A company’s plan for the worst-case scenario isn’t just about ensuring system backups and technology workarounds. It’s also about communication — both internal and external. Hockey said that everyone in a company — from the finance chiefs on down — should have a communications plan in place for different stakeholders that addresses what to do when a ransomware attack hits.
“Create an incident response team comprising the key stakeholders including executives, HR, legal, IT, and your PR team,” Hockey said. “You may also work with third parties to assist you.”
Make sure any plan includes an identified representative to talk on behalf of the company to ensure consistent messaging; a map of all processes to follow, including whom to contact if a breach were to occur; a list of all internal and external audiences; and drafts of communications to be sent out, he said.
Finally, make sure that there’s a dry run so your teams will know how to act and react, Hockey said.