Protecting your business from cyber criminals begins with understanding what ransomware attacks are, what you can do to prepare and how you can recover if you become a target.
Ransomware attacks are not limited to large companies or major infrastructures, leading to an increasing number of organisations being impacted globally.
According to cyber security company Deep Instinct, ransomware attacks increased globally by 435 percent in 2020.
“They do not care if you’re small, medium or large, it’s about monetisation at scale,” says Adam Evans, vice president of Cyber Operations and chief information security officer (CISO) for RBC.
“If you’re going to operate a business in this digital landscape, you have to educate yourself on how to protect your services,” Evans says.
Protecting your business from cyber criminals begins with understanding what ransomware attacks are, what you can do to prepare and how you can recover if you are targeted.
Ransomware is malicious software that locks all the files on your computer, preventing you from accessing them unless you pay a fee to have them released back to you. Or, put another way, it’s like someone moves into your house, changes the locks, and then tries to sell your own home back to you for a price.
Reported cases of ransomware have risen exponentially in recent years as criminals have grown bolder with each successful attack. Every time criminals get paid, they see more opportunities to make money. “They’ve almost been incentivised to focus on disruption because of the likelihood of payment,” Evans says.
Lindy Cameron, head of the UK’s National Cyber Security Centre (NCSC) has stressed the importance of the country’s cyber resilience to stop cyber attacks.
Speaking at the Royal United Services Institute (RUSI) Annual Security Lecture, Cameron urged both businesses and the public to take ransomware threats seriously.
Ransomware attacks are the key cyber threat facing the UK, says Lindy Cameron, NCSC
Travelex, a UK-based provider of foreign exchange services, reportedly paid $2.3 million (£1.65 million) in 2020 after cyber criminals infiltrated its network. It resulted in its systems going offline through a ransomware attack and the company subsequently fell into administration and had to be restructured with the loss of 1,300 jobs.
In April 2021, Colonial Pipeline Co. shut down 8,850km (5,499 miles) of its pipeline system in the U.S. for five days after being hit by a ransomware attack. Cyber criminals likely perceived an opportunity to cause mass disruption, which is another common motivator for these types of attacks. From a criminal’s perspective, the more disruptive the attack, the larger the ransom will be, and the more likely it will be paid.
Typically, a criminal organisation will pay a ransomware provider to use their “ransomware-as-a-service” (RAAS) technology to lock down a target company’s systems. In return, the RAAS vendor gets a percentage of the ransom that’s paid for every successful attack. There’s also usually a licensing fee that the criminal organisation paid to use the ransomware technology. The criminals that demand the ransom from the targeted business seek an amount that’s high enough to make a large profit but still reasonable to the victim to ensure they pay.
Colonial Pipeline Co. eventually paid a $4.4 million ransom to restore service.
The velocity and frequency of ransomware attacks will likely increase as groups in undeveloped countries with limited employment opportunities recruit members into the cyber crime economy, Evans says.
Though the number of threats may increase, small businesses can take steps to help prevent attacks or to minimise their damage.
“You have to prioritise based on the risks that you see and figure out ‘What are my critical information assets that I need to protect,’” Evans says. Whether it’s your intellectual property or your clients’ data, you should understand what criminals may target and protect those important assets first, he explains.
You should then develop a plan for recovery if your systems are compromised. “Once you’ve got your plan, it’s about practicing how you’re going to respond because when it happens to you, deciding in a time of crisis is not the time to do it,” Evans says.
Businesses should also identify and close any security gaps by engaging companies that could help restore operations in the event of an attack. “You want to get your services back up and running but you still have to go through the whole investigative process and make sure your environment is still safe to operate,” Evans says.
On average, it takes 16 days for a business to recover services in a ransomware attack, says RBC Chief Information Security Officer Adam Evans
Retaining customers in the interim is vital.
“Everybody is getting educated to a point now where they understand that these things happen pretty regularly. It’s about how you deal with it,” Evans says. “You can improve your relationship, or it can have a massive impact on your ability to do business and retain your customers.”
Evans points to a shipping company that lost its IT environment overnight. “The very first thing that was communicated was to ‘do what’s right for the client and we will figure everything else out.’ And that gave them a very, very simple kind of mandate to follow in the recovery activity.”
Ransomware attacks may be spreading, and they certainly can be daunting, but they don’t have to be devastating for small businesses. By being aware of a potential threat, and understanding how to prepare, business owners can speed up their recovery in the event of a ransomware attack.
RBC is committed to helping clients and their businesses stay secure and resilient. Through a dedicated cyber security website, you will find resources and best practices for how to protect your business.
To further support business clients, RBC has partnered with law enforcement agencies to identify the most common cyber security threats impacting small and medium businesses.
The Little Book of Big Scams also aims to increase awareness of cyber threats. Inside you’ll find best practices and simple steps you can take to safeguard your business and employees.
Business owners can also download the Cyber Security Crisis Management Template for Small to Medium Businesses. It lays out the foundations for proper crisis management and the steps to recovery if a cyber attack were to occur.
We want to talk about your financial future.
This publication has been issued by RBC’s Wealth Management international division in the United Kingdom and the Channel Islands which is comprised of an international network of RBC® companies located in these jurisdictions and includes RBC Europe Limited and Royal Bank of Canada (Channel Islands) Limited. You should carefully read any risk warnings or regulatory disclosures in this publication or in any other literature accompanying this publication or transmitted to you by RBC’s Wealth Management international division.
This publication has been compiled from sources believed to be reliable, but no representation or warranty, express or implied is made to its accuracy, completeness or correctness. All opinions and estimates contained in this report are judgements as of the date of this report, are subject to change without notice and are provided in good faith but without legal responsibility. This report is not an offer to sell or a solicitation of an offer to buy any securities. Past performance is not a guide to future performance, the value of investments and income arising can go down, future returns are not guaranteed, and an investor may not get back the amount originally invested. Countries throughout the world have their own laws regulating the types of securities and other investment products and services which may be offered to their residents, as well as the process for doing so. As a result, any securities or services discussed in this report may not be eligible for sale in some jurisdictions. This report is not, and under no circumstances should be construed as, a solicitation to act as a securities broker or dealer in any jurisdiction by any person or company that is not legally permitted to carry on the business of a securities broker or dealer in that jurisdiction. Nothing in this report constitutes legal, accounting or tax advice or individually tailored investment advice.
This material is prepared for general circulation and does not have regard to the particular circumstances or needs of any specific person who may read it. The investments or services contained in this report may not be suitable for you and it is recommended that you consult an independent investment advisor if you are in doubt about the suitability of such investments or services. To the full extent permitted by law none of the entities which comprise the international division of RBC Wealth Management nor any of their affiliates, nor any other person, accepts any liability whatsoever for any direct or consequential loss arising from any use of this report or the information contained herein. No matter contained in this document may be reproduced or copied by any means without the prior consent of RBC Wealth Management.
Clients of RBC Europe Limited may be entitled to compensation from the UK Financial Services Compensation Scheme (FSCS) if it cannot meet its obligations. This depends on the type of business and the circumstances of the claim. Most types of investment business are covered for up to a total of £85,000. For further information about the compensation provided by the FSCS scheme (including the amounts covered and eligibility to claim) please refer to the FSCS website FSCS.org.uk. Please note only compensation related queries should be directed to the FSCS. Royal Bank of Canada (Channel Islands) Limited is not covered by the UK Financial Services Compensation Scheme.
RBC Europe Limited is registered in England and Wales with company number 995939. Its registered office is 100 Bishopsgate, London EC2N 4AA. RBC Europe Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
Royal Bank of Canada (Channel Islands) Limited (“the Bank”) is regulated by the Jersey Financial Services Commission in the conduct of deposit taking, fund services and investment business in Jersey. The Bank’s general terms and conditions are updated from time to time and can be found at https://www.rbcwealthmanagement.com/en-eu/terms-and-conditions. Registered office: Gaspé House, 66-72 Esplanade, St. Helier, Jersey JE2 3QT, Channel Islands. Deposits made with Royal Bank of Canada (Channel Islands) Limited in Jersey are not covered by the UK Financial Services Compensation Scheme. Royal Bank of Canada (Channel Islands) Limited is a participant in the Jersey Bank Depositors Compensation Scheme. The Scheme offers protection for ‘eligible deposits’ up to £50,000 per individual claimant, subject to certain limitations. The maximum total amount of compensation is capped at £100,000,000 in any 5 year period. Full details of the Scheme and banking groups covered are available on the Government of Jersey’s website http://www.gov.je/dcs or on request.
Investment services offered by the Bank are not covered by an investor compensation scheme as there is currently no such scheme operating in Jersey, however ‘eligible deposits’ held pursuant to investment services may be protected under the Bank Depositors Compensation Scheme described above – for more information see the Bank’s general terms and conditions. Some of the products that the Bank might recommend to you could be registered overseas and may be covered by a local compensation scheme. Your investment counsellor will provide you with the details of any overseas compensation schemes (where applicable) at the time of making an investment recommendation.
Copies of the latest audited accounts are available upon request from the registered office. ® / ™ Trademark(s) of Royal Bank of Canada. Used under licence.