The Basics • Ransomware is malicious software that blocks access to computer systems or files until you pay a sum of money to the cybercriminals who have infiltrated your business. They gain access by exploiting system vulnerabilities (sometimes through a third party or vendor that has access to your system) or by luring your employees into clicking on links or attachments or responding to phishing emails or “smishing” texts (phishing through SMS texts). • The $1.1 billion tally of ransoms paid in 2023 was particularly shocking because it nearly doubled the $567 million in ransoms paid out in 2022. • Not including the payouts, the average cost of a ransomware attack — including detection and escalation, notification, post-breach response and lost business — rose to $5.13 million in 2023, which represents a 13% increase from 2022. • Federal and international law enforcement have deployed extensive efforts to minimize ransomware attacks on a global scale. In fact, the FBI and UK National Crime Agency made headlines as they implemented “Operation Cronos” and disrupted one of the world’s most potent ransomware attackers. • Despite law enforcement’s efforts to smother these cyber threats, experts project an increase in cyber syndicates in 2024. Allan Liska, threat intelligence analyst at cybersecurity firm Recorded Future, commented, “A major thing we’re seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks.” Recorded Future reported 538 new ransomware variants in 2023. 5-Step Plan for Businesses to Prevent Costly Ransomware Attacks in 2024 1. Provide Updated Cybersecurity Training You should provide updated and robust cybersecurity training to all your employees (including very busy executives) on an annual basis. According to the 2023 Cost of Data Breach Report (CODBR), phishing and compromised credentials were the most common initial attack vectors for data breaches, demonstrating that threat actors still count on a shortfall in employee oversight to gain access to valuable, confidential data. The latest data from the CODBR also suggests that cybersecurity training is a wise investment for employers. In 2023, organizations with a high level of employee training that suffered a data breach incurred a significantly lower-than-average cost in managing and responding to the data breach incident. On average, data breaches cost $770,000 less for organizations with a high level of employee training and $640,000 more for organizations with low levels of employee training. This data underscores the importance of ensuring that all employees with access to sensitive data are familiar with the basic principles of data security. Make sure to train them to understand the red flags that will help them detect phishing emails and other common tactics used to compromise credentials. 2.Maintain and Test Your Incident Response Plan Create, maintain and exercise a data security incident response plan (which addresses all data security incidents, not just those rising to the level of a reportable data breach under applicable law), resiliency plan and associated communications plan. The response plan should include response and notification procedures for ransomware incidents. You should also ensure that your incident response plan is regularly tested and updated, as cyberthreats are quickly evolving. Engage in what is called a “tabletop exercise” at least annually, which is like a fire drill but for data security. According to the 2023 CODBR, employers who maintained an incident response team and plan were able to identify and contain data breaches an average of 54 days (19.4%) faster than employers who did WWW.KYADA.COM 15
RkJQdWJsaXNoZXIy MTg3NDExNQ==