Ransomware Attacks & Tips - Small Business Recently Paid $150,000

professional profile

July 23, 2020

by a professional from Temple University in New York, NY, USA

Came across an article of a small business with 8 computers getting extorted out of $150,000 from a Ransomware attack. The threat actors penetrated their systems through a phishing email.

https://www.techrepublic.com/article/ransomware-attack-why-a-small-business-paid-the###-###-#### ransom/

It is right in line with a recent video that I posted providing tips to protect your business against Ransomware. You are never 100% safe, but precautions can be exercised to reduce the risk:

4 Ways To Get Extorted By Ransomware (The $84,000 Mistake): https://www.linkedin.com/posts/nnamdiosuagwu_rdp-mitre-ransomware-activity-6690581184478617600-MPTW

Questions: What are your thoughts on Cybersecurity Insurance? Do you have a process in place to monitor phishing emails?



1
3
87
Replies
3
commentor profile
Reply by a searcher
in Seattle, WA, USA
Some spam filtering services now have an option to make a list of all executive private email addresses, then they do visual character matching (e.g. i vs l vs L vs I) to look for fakes. Can be helpful for spear-phishing. And of course security is an ever-changing landscape with multi-layered defense by necessity.

Cyber-security insurance is an interesting arena, our IT consulting services company has recently been working with various brokers helping their clients get onboard. I definitely get the sense that the insurance industry is still feeling their way around on this one, but that's actually to the benefit of the buyer! So, yeah, it's actually a good deal right now.
commentor profile
Reply by a searcher
from Columbia University in New York, NY, USA
Buyers should expect to make this a part of due diligence. To the extent they find cyber security vulnerabilities, it can be a negotiation point. A professional audit is a very sensible approach. The business hand-over is a good time to do this as well, since many IT systems will be handed over in the process.

Insurance is a step, but it knowingly will not cover every issue. Employees (and former employees) can also be a big problem in this area. A substantial audit and a strategic plan for system management (and proactive security) are also important.
commentor profile
+1 more reply.
Join the discussion