Contact Us On
You’d have to be living in a hole to not of heard of the numerous ransomware cases making the news each and every single day. Just recently, I heard about a company that suffered a ransomware attack and had both their primary and secondary copies of the backups deleted by the cybercriminals. This then forced the company in question to pay the ransom, which by todays modern standards was relatively “cheap”.
The ransom demanded by the cybercriminals was “only” US $250,000, which when compared to the average ransom demand for 2021 of US $850,000 is well under.
Unfortunately, the story does not end there my friend. Once the company totalled up the cost of the downtime in lost sales, lost productivity, investigation and recovery costs the damage was well over US $4,000,000!
I know many of you think your cyber liability insurance will cover you in such a situation. The question is can you afford the US $4,000,000 loss upfront, before they reimburse you, if you have the right insurance coverage, and have done the “right” things. That last part is a very important point.
Here are some of the things that are happening globally currently with the insurance industry, specifically to do with cyber liability cover.
- A provider in France, AXA, is now refusing to reimburse their clients if they pay the ransom in a ransomware case.
- Claims can be denied by the insurer if the wrong information was supplied on the application form.
- Alternatively, if you or your existing IT services company took action which was deemed negligent by the insurer this may lead to your claim being denied or you may then face a lengthy legal battle with the insurer to get the claim paid.
- Providers in the United States are expecting a minimum standard of protections to be in place before they will even provide you a quote for coverage, if you don’t meet the minimum standard, you can’t even get a quote.
- Premiums are increasing exponentially, all over the globe for cyber liability cover, and this will continue.
It goes without saying, that these will come to Australia, at some point in the not too distant future, if they are not already here.
Naturally, you likely think your current Perth IT services company has this in hand for you. You may think you have a great backup system in place. You may also think they are “great guys” who would never let you experience such a thing because they are ahead of the curve, meet with you regularly, at least once a quarter to discuss these trends, and are implementing advanced layered cyber security services to protect you.
What about my existing backup system?
It goes without saying, just having a great backup is no longer enough. Here are some trends that are happening with ransomware currently.
- The type of ransomware used and the people behind the ransomware are using new and aggressive tactics.
- They start sending threatening emails to your employees or team.
- If they get nowhere with this that start calling senior leadership and executives on their mobile phones.
- They also make sure they obtain a copy of all your sensitive data and study your computer systems so they can up the pressure on you if you try to avoid paying or just restore from backup.
- Then they might threaten to contact clients or customers or the press if you don’t start playing ball, towards paying the ransom.
Imagine, for a moment, you the equity partner, principal or director of a professional services firm, either yourself or one of your employees, had fallen victim and ransomware had got onto your firm’s IT systems. Imagine what the damage to your reputation and livelihood could be if press got hold of it, or the cybercriminals contacted one of your biggest clients, someone you knew personally, for a very long time.
Naturally, you’ll be asked for comment by the press on the situation. If you’ve not been able to notify your clients yet about the damage, having your client hear from an unnamed cybercriminal or the press, about how their extremely sensitive personal matters are about to be released publicly on the internet for anyone to find, how do you think they would they be feeling?
Ask yourself this.
- Do you think they would be scared, angry and upset?
- What if it was some very personal matters you’d been helping them with? Something they would not want released publicly.
- How do you think they would be feeling then?
- Do you think they would want to continue to associate with you and do business with you and your firm?
- Obviously, would you, if the shoe was on the other foot?
I know you are thinking… So what? What does this have to do with my Perth professional services firm and why should I care? I’ll just go start another firm and leave the one I’m currently with.
There are a number of very important lessons in this situation.
- Your reputation will follow you and just because you’ve changed to another firm or started a new one, people won’t forget for a very, very long time.
- The need for the firm leaders, to lead by example, when it comes to matters, relating to cyber security. As a mentor of mine likes to say, “The fish rots from the head”.
- The need for ongoing cyber security awareness training.
- Making sure your employees or team are aware of the warning signs especially with scam or malicious emails. This is still the most common entry point with all cyber security incidents including ransomware.
- The need, to work with a specialist IT services company in Perth, with extensive cyber security experience, on an ongoing monthly basis, who can immediately assist in preventing, or at a minimum, mitigating the damage caused, when something like this happens.
- The need to have multiple layers of cyber security protecting your professional services firm or organisation.
So how do you avoid falling victim to ransomware?
Obviously, you want to work with an IT Services company with extensive cyber security experience that implements on going quality cyber security services to monitor the security of your professional services firm’s IT systems 24x7x365.
There must be a multi layered security approach across all your IT systems either in house, in the cloud or a hybrid system. The services must have guaranteed response times and you must know how long the data is going to be retained for.
If you’re an IT Leader for your organisation or perhaps you’re the managing partner or director for your firm, and you have an internal IT team, consider getting them the help they need, to protect you better. To learn more on how we can help, check out our co-managed IT services.
Have questions and want to learn more? Go to https://www.myinfotechpartner.
