Cyber 101 Series: How to Defend Against Ransomware With Multi-Factor Authentication
Ransomware is now one of the most damaging and rapidly growing cyber security threats organizations face today. According to SonicWall’s2022 Cyber Threat Report, global ransomware attacks increased by 105% over 2020 and more than triple the amount seen in 2019.
Looking ahead, this pace is likely to continue as Ransomware is a highly lucrative business for cybercriminals. Today, the average recovery cost from a ransomware attack sits ataround $2 million.
Predictably, ransomware insurance claims have also steadily increased in response to the rise in attacks. As a result, cyber insurers are implementing strict preventative measures for insured businesses as a requirement to place effective cyber insurance coverage claims.
In this article, we’ll take a closer look at ransomware, its mechanics, as well as a popular preventative measure now required by insurers.
What is ransomware?
Per CISA.GOV Ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” What makes ransomware particularly heinous is its ability to quickly corrupt and paralyze entire networks — far beyond the initial entry point. The results of which are often devastating and costly for its victims.
In its latestState of Ransomware survey, cybersecurity experts at Sophos found that the average ransom paid was $170,404 in 2021. Perhaps even more severe is the steep prices businesses are paying to recover in the aftermath of a ransomware attack. In thesame survey, Sophos found that the average ransomware recovery cost businesses, on average, $1.85 million in 2021. This staggering amount is due to a range of contributors, including device costs, network costs, downtime, people hours, and more.
“Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data. Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more.” — Chester Wisniewski, Principal Research Scientist, Sophos
Recent High Profile Ransomware Attacks
2021 showcased an astonishing list of high-profile ransomware attacks — costing major corporations around the world massive losses in ransom fees.
Kia Motors, for example,was forced to pay 404 Bitcoins (around USD $20 million) to a group of cybercrooks in order for the safe return of sensitive data. To make matters worse, the hackers threatened to increase its ransom amount to 600 Bitcoins if Kia did not meet its demands on time.
Last May, JBS USA, one of the US’s largest meat suppliers,also fell prey to ransomware. As a result of the attack, the company was forced to temporarily shut operations at five of its largest plants. When all was said and done, JBS had to hand over some USD $11 million in Bitcoin in order to get its systems back online.
Then there was themassive ransomware attack on IT infrastructure management firm, Kaseya. Orchestrated by Russian hacker organization, REvil, the attack demanded Kaseya to pay $70 million — by far the most costly payout demand of 2021. Making matters worse, the attack extended beyond Kesaya’s network to also impact some 1,500 of the business's customers and partner companies.
How to Prevent Ransomware with Multi-Factor Authentication
For years, online authentication was performed by entering a simple combination of username and password (known as single-factor authentication). But as cyber crimes have become more rampant, sophisticated, and costly, those old authentication ways are no longer sufficient at keeping users and businesses safe online.
What has emerged is a new form of authentication, known as two-step verification or multi-factor authentication (MFA). Unlike single-factor authentication, with MFA, the authentication process requires proof of a second thing or factor in order to successfully log in, such as:
Something you have: Such as a smartphone or USB stick
Something you know: Such as a password or a PIN code
Something you are: Such as your fingerprint or facial recognition
Say, for example, you are trying to log on to your online bank account. You first go to your bank’s website and enter your username and password. Because you have MFA enabled, your bank then asks you to acknowledge the log on by tapping on its authentication app on your smartphone. Once both authentication steps are taken, you are then re-routed to your online banking portal.
Because of this added security step, MFA is mighty at protecting users and businesses from ransomware. Whereas one factor may be easy for criminals to acquire, gaining access to a second factor is often far more difficult. As a result, criminals are more likely to avoid the challenge and seek easier victims to attack.
Today, many organizations around the world require some form of MFA, including most cyber insurance coverage carriers. In fact, most carriers now require proof of MFA before even issuing a quote. And for good reason. With MFA in place, a company can protect itself from unauthorized access to its information which in turn reduces insurance claims and saves the insurer money. In fact, according to research by authentication platform, Okta, MFA can reduce security breaches byas much as 75% — which definitely underscores MFA’s popularity amongst insurance providers.
Luckily, MFA’s widespread adoption in the consumer service space (such as banking) means many employees are now comfortable using the technology which minimizes the barriers to organizational implementation.
The case for MFA is clear — it protects against ransomware, employees are comfortable with it, and cyber insurers now demand it.
Stay tuned for part three of our Cyber insurance 101 series where we will take a look at other key security measures businesses need to follow in order to gain successful cyber insurance coverage.
About Andy O’Neill, Director of Cyber, Relay Platform
Andrew has had a successful career in the Cyber Liability industry that started with Colemont (now AmWINS) as Assistant Broker through the Broker in Training program with the Financial Services team. Andrew continued his professional development by becoming an Underwriter at the Travelers and later with the MGA Business Risk Partners, where he took control as the Lead Underwriter on the Cyber and Technology program with Liberty International Underwriters. Andrew later returned to the broker side with RT Specialty and continued to focus on Cyber Liability and Tech E&O. He currently serves as the Director of Cyber and Tech E&O at Relay Platform.
Andrew comes from a diverse background. In addition to his extensive background in Cyber Liability and Tech E&O, he also served in the U.S. Army where he was an Air Defense Team Chief and graduated from Airborne school.