The security picture just keeps getting worse for businesses as cybercriminals resort to ever-more devious means to extort businesses with ransomware and steal valuable data to sell on the black market.
As the security blog Ride the Lightning reported, the 2017 IBM X-Force Threat Intelligence Index found that records compromised surged 566 percent from 600 million in 2015 to over 4 billion in in 2016.
That surge created a glut of stolen structured data like names, addresses, phone numbers, and other data that’s easy to categorize, according to IBM. With the oversupply undermining the value of structured data, cybercriminals had an incentive to sift for more precious gems in unstructured data like emails, source code, internal reports, and intellectual property.
“The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand,” said Caleb Barlow, vice president of threat intelligence for IBM Security. “Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”
Ransomware has shifted from an occasional annoyance to a serious problem reaching epidemic proportions. Average ransomware demands tripled in the past year. Security experts at Symantec said the average ransomware attack demanded $294 in 2015; last year they wanted an average of $1,077.
As reported on the DarkReading blog, Bitdefender and Spiceworks teamed up in a survey which found that one in five small-to-medium businesses had been hit by a ransomware attack in the preceding year. Just over a third of those attacked paid an average of just under $2,500 to get their data back. However, less than half had their data released, a Bitdefender security analyst said.
This points to a potentially major shift in tactics: Attackers can’t be depended upon to actually return the data when they receive the ransom.
Meanwhile, SC Media reported that FBI security experts have found that when companies receive a warning from the FBI that they’re being targeted by hackers, more than one-third simply ignore the warning. Complacency about cyberthreats remains a troubling reality in many companies.
Facing up to the risks of cyberattack damage
Clearly, the battle against hackers will not be won decisively anytime soon. Plugging one hole simply motivates cybercriminals to find another. Many operate far beyond the reach or influence of law enforcement, and the tools they use to attack are widely available.
And no matter how strong companies build up their cyber defenses, there will always be ways to fool people into clicking on links that install malware into their PCs that can infect entire networks. Sometimes disgruntled employees sell their sign-on credentials to cybercriminals or take valuable documents home with them when their employment ends. Then, they sell confidential company information for a tidy profit on the black market.
Consider all the valuable data in your networks:
- Customer names and unique identifiers.
- Intelligence on your marketplace, competitors, suppliers and vendors.
- Health records for your workforce.
- Valuable intellectual property.
Almost all companies rely heavily on their computer networks to store valuable data and provide customer service. Data compromises go to the heart of companies’ ability to stay in business.
What happens if you get hacked
When systems become compromised, the potential for serious expenses emerges. To date, ransomware attacks have involved fairly trivial amounts of cash from a business perspective. But what if your attackers are among the ruthless ones who don’t return stolen data and instead sell it to the highest bidder on an encrypted black market site?
Even a more straightforward breach where hackers break in and steal structured data like names, addresses and Social Security numbers can expose a company to substantial liability. You could get sued by the people whose data was compromised, fined by regulators, and suffer a major decline in sales if news of the breach becomes public.
All these forces oblige companies to update their risk management to account for potential cyberattacks — and to consider taking out insurance to answer these threats.
Partnering with McGowan
The risk of cybercrime is a persistent reality, but companies do have avenues to safeguard themselves and their clients. When hit with a data breach, companies must have the right protections to assist with the inevitable regulatory actions and customer lawsuits.
Brokers who partner with McGowan Risk Specialists gain the experience of a trusted wholesale brokerage that focuses on the placement of cyber liability products. With the proper technology liability insurance in place, businesses know they won’t be decimated by a cyberattack.