Tampa Bay Times: Local news organization
Risk to Small Business: Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals are frequently turning to ransomware attacks to exploit companies that can’t or won’t protect their critical IT. These attacks are relatively easy to deploy, and, for organizations unprepared to defend themselves, they are uniquely expensive. With today’s threat landscape, it’s critical to regularly assess and update your defense posture to meet the moment.
Recovering From a Ransomware Attack is More Expensive Than Ever
2019 saw a steep rise in the number of ransomware attacks impacting vulnerable organizations. Unfortunately, recovering from these attacks is becoming more expensive than ever. According to a new report, the total recovery cost of a ransomware attack doubled in the last quarter of the year, reaching $84,116.
In some cases, the cost is increasing because cybercriminals demand higher ransoms, but other factors, including hardware replacement, lost revenue, and brand erosion, all contribute to this incredibly high sum.
In addition, the report detailed the latest escalation in ransomware attacks. Cybercriminals are no longer content with just encrypting data and demanding Bitcoin payments. They are increasingly willing to release company data online, which can both give companies a greater incentive to pay the ransom and add a secondary revenue stream for criminal operations. Taken together, these trends make it clear that today’s organizations need to reassess their defensive postures against this escalating threat.
Notably, ransomware always requires an access point and a foothold to encrypt company data. Closing off common loopholes like phishing emails and securing employee accounts with simple, effective tools like two-factor authentication can help ensure that your organization isn’t the next victim of an expensive ransomware attack.