3.86 million USD is the global average cost of a cyberattack data breaches
Did you hear about the JBS ransomware attack in May 2021? It was one of the largest and most high-profile cyberattacks in recent history. JBS, the world’s largest meat supplier, was hit by a ransomware attack that affected its operations in North America and Australia. The attackers used a type of ransomware known as REvil, which encrypted the company’s data and demanded a ransom payment in exchange for the decryption key. Luckily, JBS, who supplies meat to retailers and restaurants worldwide, quickly took steps to isolate the affected systems and shut down its servers to prevent the spread of the attack and its knock-on effect on the global food supply chain.
So why is this relevant to you and your business? The JBS ransomware attack makes the growing threat of cybercrime and the need for organizations to take proactive steps to protect their data and systems real. If this case study isn’t enough of a warning for companies to prioritize cybersecurity as a critical component of their overall risk management strategy, then these other sobering statistics might just be:
Cybercrime is up 600% due to the Covid-19 pandemic. One of the reasons for this meteoric rise in cyberattacks is the trend of ‘working from home’. This new norm has increased the average cost of a data breach for companies by $137,000 per company.
Sadly, ransomware, malware, and data theft have become part of our every-day vocabulary, yet businesses are seriously lagging: Over 77% of organizations do not have a cyber security incident response plan. Are you one of them?
It is essential that businesses are aware of the possible cyberattack threats and disruptions facing them; and the food and agriculture industry is no different. So how do we mitigate the threat for our businesses and protect them against ransomware attacks? All is not lost, besides insurance being an ultimate tool to mitigate a loss which has already occurred, there are preventative steps every organisation should take. Here are our top tips.
Firstly, and perhaps the most obvious one, is to ensure your company data is regularly backed-up and that there are password protect backed-up copies offline. On average, only 5% of companies’ folders are properly protected. It is essential to ensure copies of your critical data are not accessible for modification or deletion from the system where the data resides. In addition, your company should implement air gapping – the process of ensuring there are gaps when the business’ computer systems are not directly or indirectly connected to the internet.
Secondly, your organisation needs to actively think about what you will do if your systems go offline. What are your critical functions? How will you operate manually if it becomes necessary? How will you implement a recovery plan and what will it look like? Your recovery plan should include maintaining and retaining multiple copies of sensitive or proprietary data, and that your servers are in a physically separate, segmented, and secure location, such as a hard drive, storage device or cloud.
Thirdly, limit who can do what on your systems and audit them regularly. A whopping 95% of cybersecurity breaches are caused by human error, so this is not something to be overlooked. Whether you are a large company or a small one, by requiring administrator credentials to install software, you are actively limiting the number of people who can expose your systems to a cyberattack. You should routinely audit those user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
Incredibly, 94% of malware is delivered via email; so, another simple step to reduce risks caused by your employees could be to disable all hyperlinks in received emails; to add an email banner to messages coming from outside your organisation; to regularly check that you have disabled all remote access/RDP ports; and that you are systematically monitoring remote access/RDP logs
Forewarned is forearmed
What is more, forewarned is forearmed. Through comprehensive cyber security awareness and training you can effectively ensure your staff are forewarned about the cyber risks and vulnerabilities facing your company, and forearm them with techniques and best practices to minimise the risks you are exposed to. For example, ensure all employees know only to use secure networks, and that when working outside the office they should not use public WiFi networks. One way of making this easier for your remote workers is to install a VPN or virtual private network. Employees need to be reminded to use strong passwords and to regularly change their passwords to network systems and accounts, adhering to the shortest acceptable timeframe for password changes. They should also be prevented from reusing passwords for multiple accounts and encouraged to use strong pass phrases wherever possible.
And finally, a basic but often disregarded step is to ensure your software and systems are up to date and that you have updated anti-virus and anti-malware software on all hosts.
With a little forethought, preparation, education, and investment in robust security measures organizations can reduce the risk of a cyberattack and minimize the impact of any incidents that do occur. You might not be able to completely prevent all cyberattacks, but you definitely can reduce their impact and make it harder for hackers to attack.
Statistics taken from:
You are experiencing a cyber incident? Contact our colleagues from CERTAINITY:
+49 800 2378246
+43 664 888 44 686
The article is written by Stephan Eberlain and Maksym Shylov.
T +43 664 962 40 08
Group Practice Leader
Food & Agriculture
T +48 22 39 33 211
In the face of growing environmental challenges and climate change, insurance companies like UNIQA Group are taking significant steps to embrace sustainability.
If carefully designed and managed, a captive is a tool in the risk manager’s toolbox for large companies that can help build resilience to future transformation risks as a result of climate change, amongst other things.