SMBs: Cybercrime’s 2020 Target of Choice

Many businesses deal in volume; Walmart and Amazon are the current giants in this arena. Instead of selling big-ticket items to a small number of clients, you can make just as much money, or perhaps more, by selling many cheaper items at a smaller margin. Selling big-ticket items is much more of a pain: highly paid sales staff, contracts, and negotiations, not to mention spreading your profit thin while waiting for the next big deal. Cybercriminals have worked this out too, which is why they are shifting from large enterprises with deep pockets to local governments and small and medium-sized businesses. By one widely cited estimate, 43% of cyberattacks now target small businesses, and that share is growing.

Large enterprises have IT staff, cybersecurity staff, C-level technical executives, and board members investing in cybersecurity programs. Breaching one takes a lot of work; the payoff can be huge, but law enforcement will also take notice. What if attackers instead hit many smaller businesses for lower payouts each, with little effort and far less chance of anyone taking notice?

SMBs typically have little in the way of cybersecurity maturity, particularly in the areas of detection and incident response. 60% have no cybersecurity plan whatsoever (https://www.keepersecurity.com/blog/2019/07/24/cyber-mindset-exposed-keeper-unveils-its-2019-smb-cyberthreat-study/). Ransomware attacks are especially effective against businesses that would be willing to pay thousands of dollars in Bitcoin to regain access to their computers and business data. Losing the point-of-sale machine, losing access to customer data, or being unable to make and receive payments can bankrupt a business in short order. While SMBs can't afford not to pay the ransom, they can't afford to pay it either; and paying is no guarantee of getting usable data back, which is why tested, offline backups are the control that turns a ransomware incident from an existential event into a recoverable one. According to the National Cyber Security Alliance, 60 percent of small and midsized businesses that are hacked go out of business within six months.

As cybercriminals continue to target small businesses, owners need to learn how to protect themselves and their businesses. Luckily, there are people willing to help.

One in four SMBs without a cybersecurity plan say they don't know where to start. Timberwolf Information Security specializes in developing cybersecurity strategy for organizations of all sizes. Contact Us for more information on our SMB-focused cybersecurity programs.

Cyber-Insurance is Paying Us No Favours

The number of ransomware attacks rose sharply again in 2019, fuelled by unprepared targets in the local government sector and ready payouts from insurance companies. The goal of the insurance provider is to get the business running again as soon as possible at the least financial cost, but this has had a net negative effect on cybersecurity as a whole by making ransomware attacks ever more attractive to attackers.

Theresa Payton, former White House CIO, who spoke at the recent CloudSec conference, agrees, recalling an incident in which the insurance company chose the cheaper route of paying the ransom rather than recovering from backups that were available:

“They called the insurance company to try to do the forensics to not pay… the insurance company said they’re experienced at negotiating with ransomware syndicates, getting the price down and it’s going to be a lot cheaper to pay”, stated Payton.

This isn't the first such anecdote I have heard or read. Lake City, Florida City Manager Joseph Helfenberger ran into a similar issue when the city's insurance company opted to pay $460,000 in ransom rather than an estimated $1 million or more for a prolonged recovery from backups, a cost that would have exceeded the coverage limit.

Nation-states and organized crime are emboldened by these payouts, having learned that organizations with cyber insurance are more likely to pay the ransom than the incident-recovery bill. Paying the demanded sums not only encourages more such attacks but directly funds these criminal enterprises, which reinvest the proceeds in further attacks on more targets.

If you pay the criminals now, what happens in the future?

In the end, nobody but the targeted business can decide which decision is right for them; this is what I preach and practice. My hope is that the market will make such payments untenable for the insured, through increased deductibles and coverage costs, and that we can keep the insurance companies out of this decision process.

Cyber-insurance, in the end, won't get your customers to trust your business again. You can't put a dollar figure on the public perception of your company. The best insurance is a solid cybersecurity program that addresses ransomware and the other risks to your business. Find out more about how Timberwolf Information Security can help at https://www.timberwolfinfosec.com.

Are You Doing Pentests Wrong?

Both vulnerability assessments and penetration tests are necessary to build cyber resilience in an enterprise, and you should include both in your security program. They answer different questions: a vulnerability assessment enumerates and prioritizes known weaknesses, while a penetration test exploits them to show what an attacker could actually achieve against the defenses in place. However, most organizations aren't receiving penetration tests that do the latter, that is, tests that simulate a real attack and exercise the defenses and the organization's overall security posture.