Cyber Security, Industry Insights
Be CyberSmart: Don’t Let Your Business Be Held For Ransom
When ransomware strikes, business stops. You may be in the middle of writing an email or arranging a shipment or paying a bill when your familiar screen disappears and is replaced by an ultimatum: pay up or lose your data forever. A typical ransomware screen might inform you that your system’s data has been encrypted and to get the key to unlock it, you need to pay a ransom – usually in the form of bitcoin. Ransomware notices will also include a timeframe to pay, maybe in the form of a clock counting down to the second that your payment window closes, and your data is destroyed or distributed across the web.
A unique and particularly malicious form of cyberattack, ransomware has become a widely distributed threat in the last several years, targeting businesses and organizations of all sizes in all industry sectors including the transportation and logistics industry. Ransomware attacks against third-party logistics providers can be particularly insidious as they not only compromise a the data of the customs broker, forwarder, or 3PL/4PL but also that of your clients and partners.
What Is Ransomware?
Ransomware is a money-making scheme utilizing malicious software, or malware, that encrypts a business’s computer data and makes it inaccessible to its rightful owner. Criminals demand a fee to be paid in order for the data to be unencrypted and available. Like other types of malware, ransomware is a computer program that may be installed through deceptive links in an email message, instant message program, via a removable drive or device or through unprotected widgets, plugins or other entry points in a website. This malicious software is like an infiltration unit that sneaks into your computer and sets up shop. Once it’s there, it runs like any other program installed in the system.
Most recently, bad actors have upped their game utilizing a double-extortion ransomware tactic. They demand a ransom payment to decrypt the stolen data and another payment to keep that data private. If the ransom is not paid within a specified timeframe, the criminals threaten to publish the data for all to see or reveal it to a competitor or industry segment.
The High Cost of Ransomware
In addition to a shift in the disruptive tactics used by cyber criminals, a 2020 study performed by NetDiligence reveals that the average amount of ransom demand has steadily increased over the last few years – from $26,000 in 2016 to $72,000 in 2018. The highest ransom demand was for $1 million. The costs involved in this type of cyberattack go way beyond the ransom demand itself and can also include significant related expenditures, such as loss of income, recovery costs and crisis management. Today we operate in a digital work environment. When a system is down or data is inaccessible, most companies, including logistics service providers, are unable to perform crucial business operations. In fact, more than half the total cost of a ransomware event is attributable to business income loss, according to NetDiligence.
Many ransomware incidents aren’t publicized, particularly when a company pays the ransom, because of the fear of stigma, yet it’s important that logistics providers and transportation companies are aware of the real risks involved. Over the last few years, several attacks in the industry made it into the news, including a trucking and logistics firm whose public-facing and internal operations systems were attacked by a ransomware gang called Hades, according to FreightWaves. Days went by before customers were able to book loads as a result of the cyberattack. Another ransomware attack involved a trucking and logistics company in which 70% of its servers were locked by the criminals. The company paid the ransom and later spent days working on recovery. Last summer, a transportation agency hacked by a ransomware group not only lost access to its IT system, data, and customer support programs, it also faced a threat from the hackers that its data would be made public.
Build Your Ransomware Defense and Recovery Plan
Strengthening your cybersecurity plan is the powerful first step toward mitigating ransomware threats and the fallout from these attacks. A strong plan includes all of the following steps:
- Conduct ongoing and regular employee security awareness and cyber training. Each employee should learn how to recognize an email phishing attempt, know to avoid clicking on attachments, create strong passwords and regularly change them, and understand how to proceed in the event of receiving a message announcing a ransomware attack. Phishing emails lure victims into taking actions without realizing the malicious intent. The emails are created to look like they come from a trustworthy sender, but link to or contain malicious content that executes as soon as users click on it, encrypting their data and asking for the ransom.
- Perform a three- or six-month audit of your cyber hygiene practices to continuously improve your security.
- Create a business continuity plan in the event of a successful ransomware attack, including a procedure for how to report incidents and to whom as well as how to preserve digital evidence for investigators.
- Maintain a robust cybersecurity insurance program to help cover the costs involved with ransomware expenses. This includes the ransomware demand, the costs of restoring lost or destroyed data, loss of income, crisis management and PR costs and other related expenditures as a result of the cyberattack.
- Assess your company’s most valuable assets – where in the system they reside and the entry points to this information to understand your threat landscape and determine how best to protect your assets. Protective measures include the installation of firewalls, adding antivirus software, adopting two-factor authentication across all technology solutions, and/or contracting with third-party cybersecurity services. An outside firm can test your network to look for any security weaknesses.
- Identify integration points among technologies and documents. Transportation companies increasingly are adopting fleet and business management technology that is interconnected with many departments and operations. An attack on one asset could take down a company’s entire system.
- Implement robust data encryption to protect data if it gets into the hands of a hacker.
- Utilize email whitelisting and robust malware detection tools and keep all systems updated with the latest software and security.
- Make regular backups and ensure the backups cannot be deleted or corrupted. Test your backups and make sure one of the backups is stored separately offsite.
When you’re ready to begin your planning please register for our complementary online Cyber Insurance Risk Report. This is a great first step to understanding the scope of your cyber risk so that you can implement the right plan to protect your business.
Roanoke is available to discuss our Logistics CyberSuiteTM insurance solution, a comprehensive coverage program specifically designed for the transportation industry. An integral component of our program is our cyber risk training and support to help you mitigate your risks as well as access to the informational tools and cyber recovery expertise provided by our cyber risk management partner, eRiskHub. You can reach us via email at firstname.lastname@example.org or on the phone at 1-800-762-6653.
Sources: NetDiligence, Freight Waves, Mass Transit, Transport Topics, Deloitte