The COVID-19 global health crisis has brought greater risks to the cybersecurity environment. According to Deloitte, 2.7 billion people around the world have been affected by government lockdowns. This includes 67% of the American workforce, which is now working from home. As organizations have quickly pivoted to operate remotely, the secure network environments and security practices used in office environments have been slower to keep up.
Many more workers are now using an RDP (Remote Desktop Port) to remotely access their in-office work environment from unsecured home networks, and cybercriminals are taking advantage of the increased vulnerabilities. According to Info Security Magazine, incoming cyber threats have increased sixfold since the start of the global health pandemic. Meanwhile, in April of this year, RDP brute force attacks have risen to 100,000 per day, up from 40,000 attempts during the same period last year.
When it comes to valuable data being the target, companies need to realize that you don’t have to manage health records or tax documents for data to be valuable to hackers. Customer personal information, payment records, and vendor account info can all be held up for ransom at great expense to your business.
As IT systems and data play increasingly important roles in business, opportunities for cybercriminals continue to grow. For the first time, the annual Allianz Risk Management Report found cybercrime to be the number one concern for companies around the globe.
Our Cyber Claims Study also found that the average cost for a ransomware event was $150k for small and medium enterprises. For large companies, the cost can be much greater with criminals demanding millions of dollars in ransom payments.
Unfortunately, the cost of a ransomware attack typically doesn’t end when the ransom is paid. Even after an attack, lost business income and recovery expenses are likely to continue impacting your business. Recovery expenses can include:
- Restoring encrypted data from a backup data repository
- Paying out Bitcoin
- Hiring a Breach Coach® lawyer
- Hiring a computer forensic investigation team
- Notifying clients
- Defending against any litigation or regulatory enforcement actions resulting from the incident
Copeland Insurance Agency protects our clients with commercial coverage and risk management solutions for Data Breach, ransomware/malware and Direct Denial of Service (DDoS) attacks. Our personal lines coverage assists with identity theft and fraud coverage.