Privacy and Data Security Alert l March 2020 #2

Shook, Hardy & Bacon L.L.P.

Beazley Cites Ransomware as the Top Threat for Cyber-Attacks in 2020

Insurance provider Beazley has issued a report (free registration required) detailing the landscape of cyber-attacks over the past year. The report dives into the nature and causes of attacks reported to the insurer and offers practical advice on how companies can defend themselves from malicious actors.

What Do the Numbers Say?

Hacking (e.g., phishing, SQL injection, DDoS, etc.) and malware (e.g., ransomware, trojans, rootkits, etc.) were the top cause of loss in 2019 with accidental disclosure in a distant second. In 2019 alone, Beazley Breach Response (BBR) Services saw 775 ransomware attacks, an astounding 131% increase from 2018. Notably, business email compromises decreased in 2019, a trend that BBR Services contributes to a focus on ransomware given the high payouts. With the increase in ransomware incidents also came an increase in payment demands for each attack, reaching as high as eight figures for larger targets.

Who Was Affected the Most?

Healthcare entities and financial institutions were hit the hardest by data incidents in 2019, combining for over 50% of all targeted attacks. However, government, manufacturing and construction businesses formed the top three for reported ransomware incidents while healthcare and financial institutions were at the bottom of the list. Additionally, BBR Services reported an increase in reported attacks through companies’ IT managed service providers (MSPs).

What’s Next?

With the evolution of ransomware, attackers are starting to employ more sophisticated techniques. For example, BBR Services reported a dramatic increase in ransomware variants such as Sodinokibi and Ryuk that deploy with trojans such as TrickBot and Emotet designed to harvest credential data. Traditionally, attackers deployed a ransomware’s payload and exited the system. However, with the change in tactics and extortion demands, there is a heightened risk of access and exfiltration of data, which may result in additional legal notification obligations and business concerns.

Additionally, BBR Services expects an increase in attempts to compromise MSPs. When an MSP is hit with ransomware, all downstream operations for each customer are affected and recovering as quickly as possible is essential. As such, MSPs are extremely valuable targets for attackers.

How to Minimize These Risks

While attackers’ methods continue to evolve, the most common forms of entrance into a company’s network are through phishing emails or gaining unauthorized access via remote desktop protocol (RDP). BBR Services suggests locking down RDP, requiring multi-factor authentication wherever possible, disabling PowerShell and religiously patching systems. Ensuring that sensitive information is encrypted in transit and at rest is also an excellent way to minimize the risk of loss. Above all, maintaining multiple backup copies of data stored in secure locations and periodically testing these backups can be vital to restoring data in the event of a ransomware incident.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Shook, Hardy & Bacon L.L.P. | Attorney Advertising

Written by:

Shook, Hardy & Bacon L.L.P.

Shook, Hardy & Bacon L.L.P. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.