Major ransomware attacks were big news in 2021. This form of cyberattack occurs when malicious software encrypts victims’ data with the offer to unlock it only after a ransom is paid – usually in the form of cryptocurrency.
In July 2021, hackers halted business at more than 1,500 companies by exploiting security vulnerabilities in Kaseya VSA remote monitoring and management software. Companies using the software were locked out of essential files for more than two weeks, virtually held captive by ransom demands for $70 million. Kaseya eventually was able to unlock the files without paying the ransom, but substantial damage was already done.
Even without paying the hefty ransom demands, companies that fall victim to ransomware attacks face downtime, mitigation costs and significant reputational harm.
While the $70 million Kaseya demand, along with a May 2021 ransomware shutdown of Colonial Pipeline’s largest fuel pipeline network, made big news, hackers don’t limit their attacks to large companies and demands for millions of dollars. Businesses of
all sizes and individuals are at risk and falling victim every day.
Insurers have responded to these increased threats by increasing rates, imposing more stringent coverage limits. Companies that may have previously looked to insurance as a significant piece of their ransomware protection plan are finding insurance company
pullbacks making that option less appealing.
Frequent training of all employees and vulnerability testing are two essential methods for protecting against ransomware and other attacks. However, the Kaseya attack reflects how much risk comes from outside sources – software providers and other parties
with which companies exchange data.
Companies have also found increased exposure as a result of the increasingly decentralized working environment brought about by the pandemic. As more people work remotely on networks and systems that aren’t as easily controlled and monitored as the standard-issue
PCs and internal networks, cybersecurity threats abound.
Awareness of the most likely threats is the first step toward decreasing the risk of a catastrophic data breach. So, what are the biggest potential threats should shareholder services professionals know about, and what can they do to help minimize the
risk?
During SSA’s Cybersecurity and Shareholder Services webinar on Feb. 3, 2022, John Meakin from EQ and Jonathan Klein from Broadridge will examine ransomware, issuer and transfer agent supply chain risk management, and new workplace challenges resulting
from the pandemic. Register today.