Ransomware incidents are rising during the pandemic as cyber criminals take advantage of more online activity caused by Covid-19 disruptions, according to a joint bulletin from the National Cybersecurity Alliance and PCI Security Standards Council.
According to the Feb. 10 report, ransomware attacks cost the world $20 billion and hit nearly 40 percent of businesses and organizations last year. The groups expect these incidents to continue to rise even after the pandemic ends. “Small businesses and nonprofits are attractive targets because they typically lack the security infrastructure and resources of larger businesses,” said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.
The report correlates with previous U.S. government findings: The Financial Crimes Enforcement Network reported in November that $590 million in ransomware-related suspicious activity reports had been filed in the first six months of 2021, compared to the total in 2020 of $416 million.
According to the National Cybersecurity Alliance and PCI Security Standards Group, to prevent ransomware attacks related to payment security, businesses should:
- Identify and secure the most important and valuable data.
- Develop a plan that educates employees on the best ways to avoid those types of attacks.
- Test systems on whether they could easily withstand an attempted break-in and what hackers could access if they enter the network.
- Use the “patches” vendors send to fix problems in payment and other systems.
- Investigate suspicious or unauthorized/unapproved changes.
- Test the integrity of physical and virtual backup systems and recognize.
Also, businesses are advised to identify contact information. “This should include formal processes for identifying all sensitive data potentially exposed during the event, so that this can be considered compromised — regardless of any restoration or remediation processes,” the groups stated.
The National Cybersecurity Alliance, founded in 2001, is a nonprofit, public-private partnership promoting cybersecurity awareness. The Payment Card Industry Security Standards Council was formed in 2006 by Visa, MasterCard, and other major credit card companies.