
How to minimise the risk of a ransomware attack on your business

Small-to-medium businesses are more likely to be targeted in a ransomware attack according to new research released by cloud security provider Akamai in August 2023. With 65% of ransomware attacks targeting businesses on the lower end of the revenue scale, it’s never been more important for you to take cybersecurity more seriously.

In this article, we take a look at the current impact of ransomware on Australian businesses and steps to consider to help minimise the risk of an attack.

What is ransomware?

Ransomware is a form of malicious software that cybercriminals have used to financially exploit Australian businesses for many years. Traditionally, hackers employed ransomware to encrypt critical files on a company’s network and block administrator access, subsequently demanding victims pay a ransom to restore their files. Businesses slowly adapted to this threat by improving their IT systems and conducting regular backups of critical systems – but as many security experts recognise, it is nearly impossible to stay ahead of cybercriminals.

Ransomware also evolved as threat actors discovered new sophisticated methods of attacking businesses, including double and triple extortion techniques. These techniques include threatening to publish exfiltrated data on the dark web, selling stolen information to criminal groups and launching Distributed Denial of Service (DDoS) attacks against businesses to cripple their network. These threats increase the pressure and serve to further encourage victims to pay the ransom.


A company’s IT systems can become infected by ransomware in many ways. Most commonly, businesses are exposed to ransomware through phishing emails, a form of social engineering. These emails are often sophisticated and highly targeted, designed to manipulate unsuspecting employees into clicking malicious links or opening malicious attachments, which can then infect the entire network.

Recently, ransomware has also infected a huge number of business networks by exploiting common vulnerabilities in web servers as a point of entry. The 2022 Annual Cyber Threat Report, developed by the Australian Cyber Security Centre, cautions that ransomware attacks remain high and are likely to be significantly underreported.

To combat this increase, the newly introduced Ransomware Payment Bill aims to impose a ransomware payment notification scheme whereby government agencies and businesses that turn over more than A$10 million will be required to notify the Australian Cyber Security Centre before paying a ransom.

How is ransomware a threat to SMEs?

It’s a common myth that only large companies are impacted by ransomware. An August 2023 study has revealed a 204% increase in total ransomware victims from the previous year (Q1 2022), with the majority of targets being small-to-medium businesses.

Ransomware has become extremely harmful to all businesses, contributing to 81% of financially motivated eCrimes globally. This form of cyber attack can cripple IT systems, websites, customer data and payment systems. Ransomware poses a major operational risk to businesses of all sizes, industries and revenue. A ransomware attack would threaten the financial stability of a small business due to the loss of revenue, IT recovery costs, network remediation and cost of paying the ransom if the business chooses to do so. A recent survey found that the average ransomware downtime cost was US$274,200 (A$377,700) for small and medium businesses in 2020.

Methods to mitigate ransomware

1. Provide formalised phishing and cyber security awareness training to all employees

Teach employees how to identify malicious emails and, where possible, report suspicious emails to IT or senior management. This will help to reduce the likelihood of employees exposing the business to infectious websites or email attachments, as recent data has shown that 54% of ransomware attacks are caused by phishing emails.

2. Flag all emails which originate from outside of the organisation

Incorporating an automatic alert on all external emails can help prevent hackers from impersonating internal staff and attempting to gain system access to perform funds transfer fraud.
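In practice the external-sender flag is configured in the mail gateway (for example as a transport rule), but the logic it applies is simple enough to show directly. The following is an added example written for this article, not Marsh's code or any mail product's: it inspects the address part of the From header, ignores the display name (which is what an impersonator controls most easily), and prepends an "[EXTERNAL]" marker to the subject of any message not sent from one of the organisation's own domains. The internal domain, the marker text and the sample messages are all constructed for illustration.

```python
"""Tag inbound mail that originates outside the organisation.

Added example, not the article's or any vendor's code. The internal domain list
and the sample messages below are constructed values for illustration only.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumed: the organisation's own sending domains (constructed example value).
INTERNAL_DOMAINS = {"example-corp.com.au"}
TAG = "[EXTERNAL] "


def sender_domain(msg: Message) -> str:
    """Return the lower-cased domain of the From *address*.

    parseaddr() splits the display name from the address, so a header such as
    '"Jane Citizen (CEO)" <jane@mail-provider.example>' yields the outside
    domain, not the name the attacker typed.  A missing or malformed From
    header returns "" and is therefore treated as external.
    """
    _display_name, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def is_internal(domain: str) -> bool:
    """True for an exact internal domain or one of its subdomains.

    The leading "." in the subdomain check stops lookalikes such as
    'evil-example-corp.com.au' or 'example-corp.com.au.evil.net' matching.
    """
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def tag_external(raw: str) -> Message:
    """Parse one RFC 822 message and prepend TAG to its subject if external."""
    msg = message_from_string(raw)
    if not is_internal(sender_domain(msg)):
        subject = msg.get("Subject", "")
        if not subject.startswith(TAG):        # do not double-tag on re-delivery
            del msg["Subject"]
            msg["Subject"] = TAG + subject
    return msg


# Constructed sample messages covering the cases a flag rule must get right.
SAMPLE_MESSAGES = [
    # 1. genuinely internal sender: left untouched
    "From: Payroll <payroll@example-corp.com.au>\nSubject: June payslips\n\nAttached.\n",
    # 2. display name impersonates the CEO, address is external: tagged
    '"From: "Jane Citizen (CEO)" <jane.citizen@mail-provider.example>\nSubject: Urgent transfer\n\nPlease pay this invoice today.\n'[1:],
    # 3. lookalike domain (digit 1 for letter l): tagged
    "From: accounts@examp1e-corp.com.au\nSubject: Updated bank details\n\nSee attached.\n",
    # 4. subdomain of the internal domain: left untouched
    "From: alerts@it.example-corp.com.au\nSubject: Backup completed\n\nOK\n",
]


def tag_all(raws=SAMPLE_MESSAGES) -> list[str]:
    """Return the resulting Subject line for each message."""
    return [tag_external(r)["Subject"] for r in raws]


if __name__ == "__main__":
    for subject in tag_all():
        print(subject)
```

Two caveats a practitioner should keep in mind. First, this check trusts the From header: a message that spoofs an internal address would pass, so the gateway must also enforce sender authentication (SPF, DKIM and DMARC) for the organisation's own domains rather than relying on the flag alone. Second, the flag only helps if staff are trained to notice it and to treat a payment or credential request carrying it with suspicion, which is why this control pairs with the awareness training in point 1.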

3. Use antivirus and anti-spam solutions

Implement a spam filter to prevent the majority of phishing emails from reaching the network.

4. Enable multi-factor authentication

Using multiple layers of verification to confirm an employee’s identity whilst logging in can increase network security in the face of weak passwords and increased endpoint vulnerabilities caused by working from home.

5. Complete regular patching of all hardware, software and operational technology

This can help to prevent hackers from targeting common software vulnerabilities with malware in order to gain control of a company’s network and data. New vulnerabilities are continually discovered by criminals, and the window in which they can be exploited is greatly reduced by promptly deploying critical software patches.

6. Follow the principles of network segmentation and least privilege

Restricting local admin privileges as much as possible ensures that if credentials are compromised, hackers are vastly restricted in their ability to move laterally or cause further network disruption.

7. Maintain system backups

Maintaining an up-to-date offline copy of critical system data does not prevent an external threat but often gives more options to organisations when determining whether they want to negotiate with the cybercriminals or attempt to rebuild the system themselves.

Why is cybersecurity insurance crucial in mitigating ransomware?

Cyber insurance responds to claims made by victims of a ransomware attack. This includes:

  • Immediate 24/7 access to incident response services following an actual or suspected cyber event
  • Ransom payments and access to specialist ransom negotiators (where it is legal for insurers to pay a ransom)
  • Loss of profit related to business interruption following a ransomware attack
  • Costs to repair and restore IT systems and data.

It is critical for businesses to take proactive measures to help manage their cyber risk, including the implementation of cyber insurance cover. A cyber insurance policy is an extremely valuable risk transfer tool for every business. With a cybersecurity insurance policy in place, access can also be made available to cyber security training modules and risk awareness videos as part of your business policy, helping your business and your team to identify and prevent cyber attacks.

The threat of ransomware is continually evolving in complexity and frequency, meaning that no business is safe. Protect your business from ransomware attacks today by talking to a cyber-risk expert for a solution to help keep your company safe.

Need help?

If you have any questions about the content covered in this article or the risks and insurance coverage requirements for your business, reach out to your Marsh risk advisor today or contact us.

LCPA 23/358

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors.


Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (“Marsh”) arranges the general insurance (i.e. not the Discretionary Trust Arrangement) and is not the insurer. This page contains general information and does not take into account your individual objectives, financial situation or needs. For full details of the terms, conditions and limitations of the covers, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). Any advice or dealing in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) (“JLT”). JGS and JLT are businesses of Marsh McLennan. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions.