Every 14 seconds, a company falls victim to ransomware attacks.
Richey May Executive Director of Cybersecurity Services John-Thomas Gaietto presented this alarming statistic, which was originally reported by Cybersecurity Ventures, during a tech session at the Mortgage Bankers Association’s annual convention in Austin, Texas.
During the session, titled “Ransomware and Other Security Threats in Your Backyard,” Gaietto was joined by CyFIR chairman Andrew Ward, FBI supervisory special agent Holly Easter Kelley and Scott Riddick, senior special agent for the U.S. Secret Service.
The resounding message from the panelists: cybersecurity threats are only increasing, so companies need to prepare for them now.
Gaietto was quick to point out that traditional firewalls are not enough to protect companies from ransomware attacks. According to Ward, these attacks doubled from 2017 to 2018, and he predicts this trend will continue.
“In most cases, most organizations have up-to-date antivirus in place, and so your traditional controls are not very effective against these types of attacks,” Gaietto said. “Having a backup is a good strategy, but oftentimes organizations fail to either test those backups periodically, or in some cases, what we found is that they have all their backups in the cloud and it’s taking them too long to download all that data over their internet connection again, and that’s another issue that is impacting their time.”
In response to this, he recommended having a process in place for “not if an attack occurs, but when.”
This process, he said, should include having a plan and regularly testing it, as well as knowing when to contact law enforcement and the company’s security insurance provider. Ward agreed, emphasizing that having insurance for these types of attacks is paramount.
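The two backup failures Gaietto describes above (backups that are never restored as a test, and cloud backups that cannot be pulled back over the company's link in time) are both things a periodic restore drill can catch. The following is an added example, not code from the panel, the article or Richey May: it verifies a restored copy of a backup set against a manifest recorded at backup time and checks whether the full data set could be downloaded within a recovery-time objective (RTO). The file names, sizes, link speed and RTO are constructed for illustration; the 70% link-efficiency derating is an assumption, not a figure from the page.

```python
"""Backup restore drill: integrity check against a manifest plus an RTO check.

Added example with constructed data; none of it comes from the panel or the article.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class DrillResult:
    ok: bool                      # True only if nothing is missing/corrupt AND restore fits the RTO
    missing: list = field(default_factory=list)   # paths in the manifest but absent from the restore
    corrupt: list = field(default_factory=list)   # paths whose size or SHA-256 does not match
    restore_hours: float = 0.0    # estimated time to pull the data set over the link
    within_rto: bool = False


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Manifest written at backup time: path -> (sha256 hex digest, size in bytes)."""
    return {path: (sha256(blob), len(blob)) for path, blob in files.items()}


def estimate_restore_hours(total_bytes: int, link_mbps: float, efficiency: float = 0.7) -> float:
    """Hours to download total_bytes over a link of link_mbps, derated for protocol
    overhead and contention (efficiency is an assumed factor, tune it to measured throughput)."""
    bytes_per_sec = link_mbps * 1_000_000 / 8 * efficiency
    return total_bytes / bytes_per_sec / 3600


def run_drill(manifest: dict, restored: dict, link_mbps: float, rto_hours: float,
              total_bytes: int | None = None) -> DrillResult:
    """Compare a restored copy against the manifest and check the restore-time budget.

    total_bytes lets a drill run on a sample while the RTO check uses the full
    production backup size; if omitted, the manifest's own sizes are summed.
    """
    missing = [p for p in manifest if p not in restored]
    corrupt = [
        p for p, (digest, size) in manifest.items()
        if p in restored and (len(restored[p]) != size or sha256(restored[p]) != digest)
    ]
    if total_bytes is None:
        total_bytes = sum(size for _, size in manifest.values())
    hours = estimate_restore_hours(total_bytes, link_mbps)
    within = hours <= rto_hours
    return DrillResult(ok=not missing and not corrupt and within,
                       missing=missing, corrupt=corrupt,
                       restore_hours=hours, within_rto=within)


# Constructed sample backup set (contents are placeholders, not real data).
SAMPLE_FILES = {
    "ledger.db": b"loan-id,amount\n1001,250000\n1002,180000\n",
    "config.yml": b"db_host: 10.0.0.5\nretention_days: 30\n",
    "keys.pem": b"-----BEGIN PLACEHOLDER KEY-----\nnotarealkey\n-----END PLACEHOLDER KEY-----\n",
}
MANIFEST = build_manifest(SAMPLE_FILES)

# A restore that went wrong: config.yml was silently altered and keys.pem never came back.
RESTORED_BAD = {
    "ledger.db": SAMPLE_FILES["ledger.db"],
    "config.yml": b"db_host: 10.0.0.5\nretention_days: 7\n",
}


if __name__ == "__main__":
    bad = run_drill(MANIFEST, RESTORED_BAD, link_mbps=1000, rto_hours=24)
    print("bad restore  ->", bad)
    good = run_drill(MANIFEST, SAMPLE_FILES, link_mbps=1000, rto_hours=24)
    print("good restore ->", good)
    # The cloud-download problem from the panel: a 20 TB data set over a 100 Mbps link
    # is integrity-clean but nowhere near a 24-hour RTO.
    slow = run_drill(MANIFEST, SAMPLE_FILES, link_mbps=100, rto_hours=24,
                     total_bytes=20 * 10**12)
    print(f"20 TB over 100 Mbps -> {slow.restore_hours:.1f} h, within RTO: {slow.within_rto}")
```

The point of the third scenario is that a backup can pass every integrity check and still fail the drill: if the only copy lives in the cloud and the estimated download time exceeds the RTO, the remedy is a local or seeded copy, a bigger link, or a different RTO, and the drill should be rerun whenever the data set or the link changes.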
“Oftentimes I think that the biggest objection to really being prepared is the budget and cost. Think about that insurance: the attack’s not in front of you, so you tend to prioritize other things in the budget,” Ward said.
“But it really doesn’t cost as much as you would think, and I think if organizations had an understanding of the risks, they might be in a better spot, but just simple things,” Ward continued. “Just in the training of the personnel, you see a big difference between organizations that do it and those that don’t.”
And while the FBI and Secret Service can potentially intervene after an attack, Riddick was quick to explain that the government does not play an active role in prevention.
“It may surprise some that the federal government does not have an active role in prevention,” Riddick said. “The internet has no borders. There are no checkpoints for us to monitor. Our main focus tends to be on education, like we’re doing here today, as well as providing resources and partnering with private industry in order to develop software tools to decrypt these ransomware variants.”
When it does come to intervention, particularly in cases of wire fraud, Kelley, who has worked with municipalities that have come under cyberattack, emphasized that companies need to report incidents quickly.
“Usually, within 24 hours we have about a 70% rate of getting wired money back,” she said. “We can’t guarantee it, but by the time you get to two days, expect it to be down to 38%.”
When it comes to actually paying a ransom, the panelists agreed that the choice is a business decision each company must make independently.
[Update 1: This article has been updated to reflect the original source of the ransomware data cited by Richey May’s John-Thomas Gaietto.]