Three Lessons Learned From the Riviera Beach Ransomware Attack
saginaw bay underwriters employee benefits
How Employers Can Respond to Record Health Care Costs
August 15, 2019
Cybersecurity Learnings From Top-Ranking Military Official
September 25, 2019

Three Lessons Learned From the Riviera Beach Ransomware Attack

Show all
saginaw bay underwriters insurance

The Unfortunate Example of Riviera Beach

Riviera Beach, a small Florida city of approximately 35,000, is the most recent unfortunate example of what can happen when a municipality, business or organization is the victim of a ransomware attack.

In this case, a city police department employee unwittingly opened an infected email attachment sent by hackers, which immediately paralyzed the city’s email, phones, utilities, payment applications, etc. After struggling for a month to restore and repair the systems, Riviera Beach ultimately agreed in June of 2019 to pay the ransom of 65 Bitcoin (about $592,000 at the time) being demanded by the hackers. All indications, however, are that the ultimate cost of this event will be far greater.

Larger municipalities and companies have experienced even costlier ransomware attacks recently, including the city of Baltimore, which recently paid $18 million to repair a similar breach. What’s worse, there’s never a guarantee that hackers will release data or unlock systems in these kinds of cases, even when a ransom is paid.

Three Lessons Learned for Small Businesses and Organizations

So, what are the lessons to be learned from this recent ransomware attack?

It can happen anywhere, at any time, to anyone

Keep in mind that 40% of cyberattacks target small businesses (less than 250 employees) and that more than half (53%) of U.S. businesses have experienced a cyberattack in the past year. Even news of larger breaches – such as the Riviera Beach or Baltimore attacks – should be a reminder that cyber risks are risks for all of us.

Phishing is one of the most significant risks to address

Any time hackers disguise their identity and motives to lure an individual or organization into giving them confidential information, computer access, or even money, that’s something called social engineering.

Phishing – typically done via email – is one of the oldest forms of social engineering, but increased more than 500% in 2018 alone, making it one of today’s most significant cyber risks. The Riviera Beach attack was initiated through a phishing email.

Why is phishing a particular problem? Mainly because it’s simple and increasingly lucrative for hackers, and because it relies on human trust and error – both in plentiful supply.

Effective training is the first and best defense against a phishing attack

 Employees of a business, company or organization need to be trained on understanding, recognizing and avoiding phishing attacks. This training should be comprehensive, consistent and ongoing.

Here are some good steps and best practices:

1. Teach employees that a successful phishing attack can debilitate and even cause a business to completely fail. Examples like the Riviera Beach attack and similar cases are very helpful in this regard.

2. Teach employees how to spot a phishing attack. There are many tools and methods to help with this task.

3. Teach employees to avoid attacks through cybersecurity best practices. Examples include:

  • Don’t trust an email based solely on supposed source
  • Don’t rely on images or logos as indicators of authenticity
  • When emails have odd tone, generic greetings or irregular English, be suspicious
  • Be suspicious of enticing, aggressive, “take action!” type subject lines or content in an email – especially if the mail is urging you to click a link or open an attachment
  • Don’t click on any links without first hovering your cursor over the link to verify its URL
  • Never send sensitive personal or company information via email

Making the Complex Simple

Even with these lessons learned and acted upon, cyber risks will continue to be an issue for any company, business or organization. Knowledge and prevention is key, but inevitably the right advisor and the right insurance coverage is still a necessity.

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Lightbox Plugin