Cybercriminals are no longer targeting only major companies with deep pockets—they are also going after small and medium-sized businesses.
Nearly half (43%) of cyberattacks are aimed at small businesses, yet only 14% of these businesses are prepared to defend themselves.* As criminals develop more awareness around security flaws, they are becoming increasingly sophisticated in their attacks, and without the proper infrastructure in place, your medical practice could be their next victim.
Top Threats to Cybersecurity
Ransomware is a type of malware that denies a business’s access into its systems and demands payment, for access to be regained. Payment is typically demanded by hackers through cryptocurrency, a credit card payment or untraceable gift cards. Although many companies are forced to pay the ransom in the hopes to minimize businesses losses, paying the ransom does not guarantee that a company will regain access. In fact, paying up may even make that company a target of future attacks, as cybercriminals often share details on the dark web about companies that pay ransoms.
Ransomware enters a company’s system in a variety of ways, but the most common is through target emails. These messages include a link to a malicious website, and when the user opens the infected attachment, ransomware contaminates the victim’s computer and quickly multiplies throughout the network—crippling operations.
The recent COVID-19 crisis brought on a “cyber pandemic” as criminals discovered new ways to take advantage of vulnerabilities and gain access to systems. From ransomware to data breaches to unemployment fraud, COVID-19 has accelerated existing challenges and unleashed an entirely new set of obstacles. Healthcare remains a vulnerable, popular target among cybercriminals as hackers hold valuable patient data and networks hostage until the companies meet their demands. North American companies are notably more likely to be targets of these attacks, experiencing 117% more attacks than Europe.
Accessing open RDP ports
Hackers are developing new ways to get access to networks by detecting Remote Desktop Protocol (RDP) ports. RDP ports enable employees working away from their physical office to access computers and stay connected through remote work. This connection method has become more commonplace and is essential for many businesses, but open RDP ports can leave vulnerable pathways that allow hackers to cause irreversible system damage.
If a criminal can dig deeper within the system, they oftentimes corrupt backups of all files, leaving the business with no alternative but to pay the ransom to access their systems and data and reduce the amount of downtime for their business.
Entering an RDP port oftentimes solely requires that the cybercriminal uncovers a set of login credentials. Threat actors steal these login credentials on their own or purchase them on the dark web.
Many cybercriminals are also gaining access to critical data within systems through the cloud. Organizations have adopted cloud applications, especially during the pandemic to enable remote working, and criminals quickly found ways to exploit weaknesses.
Additionally, criminals are creating targeted attacks to managed service providers (MSPs), which are companies that manage a customer’s IT infrastructure or other systems. Hackers targeting MSPs use unauthorized access to deploy ransomware attacks on multiple client environments, leading to an aggravated event from one compromised system.
Top Cybersecurity Misconceptions
1. My data isn’t valuable enough
All organizations have valuable data that is worth protecting, and cybercriminals are targeting Service Message Blocks (SMBs).
2. I’ll know whether my organization has been breached
Cybercriminals are talented at covering their tracks. And the longer they stay inside your system, the more damage they will do.
3. Cybersecurity is a technology issue
Cybersecurity is the responsibility of every part of the organization, not just the IT department.
4. Outsourcing to a vendor ensures that we’re safe
There are many cases of MSPs being targeted, so it’s critical to ensure that any partners you work with have robust cybersecurity measures in place.
5. Cybersecurity breaches are covered by my general liability insurance
Most standard liability insurance policies don’t cover these types of threats. Speak with your insurance broker to understand the coverages available.
Should You Pay the Ransom?
The FBI doesn’t support paying cybercriminals the requested ransom because doing so encourages the business model. Additionally, adversaries may publicize that information on the dark web—making you a future target. Less than half of ransomware victims that pay the ransom can successfully restore their systems.
The number of cyberattacks taking place every year is surging, and organizations need to take adequate precautions to prevent these attacks before they suffer irreversible harm.
Build a stronger backup strategy
The configuration of backups is critical. Attackers are likely to delete backups prior to deploying ransomware to increase the odds that you will pay. Oftentimes backup strategies are designed to protect against hardware failure, but they weren’t designed to protect against hacker infiltration. Up to 40% of ransomware claims have affected backups. Purchase a backup solution that uses a separate non-domain account with multifactor authentication. Retain multiple copies of data and keep one offsite. Closely monitor your backup solution for suspicious activity and data exfiltration.
Use multifactor authentication
Improve your security posture by requiring a multifactor authentication on all public-facing employee service protocols. Also, restrict internet-facing protocols, such as Remote Desktop Protocol and Server Message Block, to help prevent unauthorized access to your environment.
Implement a stronger endpoint solution.
Use advanced endpoint protection across your network.
These solutions should use machine learning to spot potential challenges in addition to conducting antimalware and antiviral activities in real time. The solution should be capable of detecting and preventing unknown threats and detecting unmanaged assets within the corporate environment.
With threats moving at a faster and even automated pace, speed will be critical for businesses attempting to stay ahead of criminals. Medical practices need to develop strategies, and then frequently and rigorously test those strategies, so that they will be ready when cybercriminals target their organization.
The licensed professionals with CAP Physicians Insurance Agency (CAP Agency) can help you learn about your own personal cyber risk and about affordable coverage options and services available through Tokio Marine HCC. For more information, please contact CAP
Agency at 800-819-0061 or email CAPAgency@CAPphysicians.com.
The information in this article is provided by Tokio Marine HCC. Tokio Marine HCC is the marketing name used to describe the affiliated companies under the common ownership of HCC Insurance Holdings, Inc., a Delaware-incorporated insurance holding company. Headquartered in Houston, Texas, Tokio Marine HCC is a leading specialty insurance group with offices in the United States, the United Kingdom, and Continental Europe.