Protecting Your Investments From Cyber Attacks

This week (June 3, 2021), Reuters reported that Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger sent a letter to corporations urging them to take critical steps to protect themselves from threats that she described as serious and increasing.

Hackers present a systemic risk to infrastructure, from electric grids to transportation systems. National security and economic risk is in the trillions in decades ahead. We’re as unprepared for this digital war as we were for the pandemic.

Examples of ransomware fees paid that have already been reported include the University of California at San Francisco ($1.14 million, June 2020), Travelex ($2.3 million, Jan. 31,2019), Brenntag ($4.4 million, May 2021), Colonial Pipeline ($4.4 million, May 2021), and CWT Global ($4.5 million, July 2020).

The U.S. travel services company CWT Global set a world record for the largest ever ransom payment after it handed over $4.5 million in cryptocurrency to hackers.

“Hackers are going after bigger and more high-profile targets because they know they can be successful,” Ekram Ahmed, a spokesperson for cybersecurity company Check Point Software Technologies, told technology news website Recode. “When there are headlines out there that the Colonial Pipeline actually paid $4.4 million in ransom, the ransomware business attracts new entrants.”

It’s not just a concern for large corporations. Nationwide insurance maintains that 55 percent of small businesses have already experienced a data breach, and 53 percent have had multiple breaches.

Following the revolution of remote workers (about which I wrote last time for Medium), some major companies are using money that they saved when they vacated office spaces and putting it toward cybersecurity. General liability insurance doesn’t usually include cybersecurity. Other insurance policies may include data compromise protection or identity recovery.

Cyber protection insurance protects a business against damage caused by a virus or computer attack and helps with the cost of restoring and recreating data.

Neuberger advises that companies test incident response plans and use a third party to test the security team’s work. She advises that companies invest in multifactor authentication, endpoint detection and response, encryption, and skilled security teams. Companies should back up data and regularly test systems, update and patch systems promptly, and keep corporate functions and production operations on separate networks.