
Marsh Provides A Ransomware Checklist: Does Your Business Incorporate These Best Practices?

21 September 2021 Marsh Africa
Spiros Fatouros, CEO at Marsh Africa

Cyber-attacks remain a top business risk year after year, increasing in frequency, severity, and sophistication. At the top of the cyber-attack list? Ransomware.

Ransomware has become an industry, and every organisation is a potential target. Attacks now routinely disrupt operations for days or weeks. Companies with poor cyber hygiene can become low-hanging fruit.

Cyber-attackers are constantly evolving their tactics and scanning corporate technology environments to identify companies with poor cyber hygiene, such as lax controls or unpatched software. The increase in attack sophistication shows no signs of slowing.

Planning is everything. Spiros Fatouros, Marsh Africa CEO, shares best practices that your business can adopt.

Plan and test. Develop or update your existing incident response plan to include ransomware considerations. Once your incident response plan is in place and accounts for ransomware, put it to the test by practicing a hypothetical ransomware scenario.

Develop a decision-making framework. Use this to help analyse whether you can restore data and systems on your own and whether it makes sense to pay an extortion demand.

Establish ransom payment criteria. This includes the amount of the initial extortion demand, the threat actor’s track record of negotiating the initial demand downward, the threat actor’s history of providing working decryption code upon payment of the ransom, and an estimate of the length of time it will take to restore data and systems using the decryption code.

Ensure regular backups and periodic data restoration testing. Storing backup data offline and offsite in a secure manner can substantially expedite recovery from an attack. Businesses should conduct tests to confirm that backed-up and restored data will work in a live environment.

Update your software. Patch regularly to maintain the security of applications and operating systems. Address all critical patches immediately.

Enhance security awareness. Cybersecurity awareness training for employees is an important cyber hygiene practice, as employees are the first line of defense against phishing attacks.

Consider ransomware as part of your organisation’s broader risk management efforts. Take into account your risk tolerance, cybersecurity controls, cyber insurance coverage, broader enterprise risk management programs, and value chain as you review and develop your ransomware plans and prepare for the possibility of an attack.

Transfer your risk. Risk transfer can help protect an organisation’s balance sheet and provide resources if risk mitigation tactics fail. Cyber insurance can provide comprehensive coverage for ransomware attacks, including for ransom demands, business downtime, and associated costs.
