2023 Cyber Resilience Report
This is article 15 of 18 in this Report.
October 04, 2023 / 5 min Read
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks
With increasing ransomware attacks, building resilience is a top concern for business leaders.
Key Takeaways
- Q2 2023 saw a 176 percent jump in ransomware frequency over Q2 2022.
- Controls mandated by insurers have helped to mitigate ransomware risk, but resilience must still improve.
- Building cyber resilience through carefully planned strategy is the key to mitigating ransomware risk within an organization.
Throughout 2022, ransomware frequency declined as mitigation efforts appeared to take hold. Then the calendar turned to 2023 and trends changed. The second quarter 2023 saw a 176 percent jump in ransomware attacks over Q2 2022, according to Aon data — a warning sign to businesses that may have let their cyber security guard down.
Aon’s cyber industry professionals believe ransomware frequency will likely return to its regular growth trend line at least through the remainder of 2023.
In early 2023, attacks primarily occurred in the following industries:
- The education sector in 14 countries, including the U.S., and countries in EMEA and APAC1
- Professional services firms, along with manufacturing, retail/restaurants, financial services firms and technology2
Critical Controls are Better, But Resilience Remains Top Concern
Cyber resilience remained a top concern for businesses in 2022. Organizations did, though, report an aggregate improvement in critical controls implementation, as insurers required more stringent risk management practices.
Critical controls that limit the probability of a ransomware event are an important part of the underwriting process. As capacity has returned to help soften the cyber market, underwriters continue to operate at a more in-depth, technology-driven and sophisticated level.3
Organizations focused more on cloud backup controls:
- In Q1 2022, nearly every company failed to have a cloud backup.
- One year later, only 34 percent of companies reported backups without cloud solutions.
Organizations should continue to focus on robust backup solutions. Sixty-eight percent of the companies in Q1 2023 still have no backup location offline, which limits their ability to recover critical data, not just from cyber events but also from outages and failures.
Business resilience also remains a concern. In Q1 2023 63 percent of companies reported that tabletop exercises were not conducted as part of business continuity and resilience planning.
With ransomware growing, special focus should be placed on endpoint system security. In Q1 2023 57 percent of companies lacked segregation of end-of-life software, amplifying vulnerabilities that provide an entry door to threat actors.
8 Ransomware Risk Mitigation Strategies
These eight tips can help build cyber resilience and mitigate the risk of organizations falling victim to ransomware:
- Be proactive — Ensure that the incident response (IR) plan/playbook and business continuity plan/disaster recovery have been assessed, reviewed and updated. Most importantly, ensure they are tested through simulated practice across realistic scenarios to help improve resilience.
- Educate employees on cyber security and phishing awareness — Companies must create a culture where all employees feel responsible for enterprise security. They should encourage individuals to detect and defend against threats, risks and attacks. Phishing is still a leading cause of unauthorized access to corporate networks, serving as the entry point for many ransomware attacks, and through artificial intelligence threat actors are making phishing campaigns look plausible, hooking victims at a higher rate. Training colleagues to not only spot a phishing email, but also report the email to their internal cyber security team, among others, has never been a more critical step in detecting an early-stage attack and reducing exposure.
- Employ multi-factor or “two-step” authentication — Multifactor authentication across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks should be considered as a requirement for everyone. Multi-factor authentication also has the capability to help prevent the exploitation of stolen login credentials.
- Keep systems patched and updated — Unpatched vulnerabilities can allow attackers to compromise corporate networks. They often identify vulnerable systems with a simple online scan. Attackers engage in this exercise broadly and indiscriminately, looking for exploitable systems on which to unleash ransomware and other cyber attacks.
- Install and properly configure endpoint detection and response tools — Tools that focus on endpoint detection and response can help decrease the risk of ransomware attacks. They are useful as part of incident investigation and response. Properly configured security tools provide a much greater chance of detecting, alerting and blocking threat actor behavior.
- Design company networks, systems and backups to reduce the impact of ransomware — Ensure all privileged accounts are strictly controlled. Segment networks to reduce the spread of adversaries or malware. Strong logins and alerts offer better detection and evidence in the event of incident response. Establishing a technical security strategy that is informed by architects that know the latest attacks and adversary trends is important, as is the use of continuous threat intelligence monitoring in open source and on the dark web.
- Consider risk transfer options — Because ransomware attacks can threaten an organization’s reputation and goodwill, its complete risk can never be fully mitigated or transferred. Regardless, organizations should consider obtaining appropriate cyber insurance coverage by reviewing how it addresses indemnification for financial loss, business interruption, fees and expenses associated with the ransom and incident response. They should also carefully consider service providers, such as the ability to work with incident response providers of choice.
- Pre-arrange your third-party response team — An effective ransomware response will often include all or some third-party expertise across the disciplines of forensic incident response, legal counsel, crisis communications and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals to monitor and be ready to respond to an attack when it happens.
Mitigating the risk of ransomware is a challenge for all businesses, large and small. But with the right risk mitigation and backup strategies in place, organizations and their people will be better prepared and more resilient for whatever comes their way.
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
Managing cyber across six featured risk themes.
This year’s report is a guide for leaders to benchmark their organization’s risk maturity against peer companies and to help make better decisions around managing cyber across six featured risk themes: cyber, operational, supply chain, insider, reputational, and systemic.