Lessons Learned from the CNA Ransomware Attack
Ransomware headlines may focus on the Colonial pipeline; however, there are recent attacks that demonstrate how much money and time is involved. Two anonymous sources noted a large insurance company, CNA Financial Corp., paid $40 million a few months ago to get its systems and data operational after a ransomware attack. Although CNA attempted to restore from backups, it opened negotiations with the hackers after a week of unsuccessful attempts to bring operations back online. The dollar amount paid is easy to calculate; however, how much does it cost to not be operational for a day, week, or month?
The FBI does not advise paying to get the systems and data back. There is no guarantee the damage caused by the hackers can be undone or restored timely. In addition, the hackers could wait to infect the systems again if the entry method remains open. These attacks come in through tricking people and vulnerabilities in systems.
With the increasing amount of money paid and frequency of attacks, the right people, processes, and technology need to be in place to deter and address an attack. The FBI has provided several tips. Your team needs to be trained so it can prevent and detect an attack. You need a plan to restore operations after an attack within a comfortable time frame (time since operations went down) and point (latest data available prior to losing operations). All systems need to be properly set up and maintained to keep hackers out, and monitoring or preventive systems should be in place to identify when hackers try to break in.
BKD Cyber professionals can help train your team on methods and best practices for lowering your cyber risk, as well as how to appropriately respond to a cyberattack to mitigate your losses. Our training is tailored to various individuals across your organization, from employees to the board of directors. Please contact us using the form below or visit bkdcyber.com for more information.