The word is out: insurance companies pay ransoms to cyber criminals. There is no “we don’t negotiate with terrorists” line drawn in the sand. Cyber security is breached, cyber criminals take over mission critical data, and insurers pay out on their cyber insurance policies. And business is good for these keyboard dirt bags!

Between 2018 and 2019, downtime has tripled from ransomware attacks, and cyber claims have increased four-fold between 2017 and 2019. The average downtime caused by ransomware was at 16.2 days as of 2019Q4.

Notice that professional services gets over a fifth of cyber attacks.

According to Microsoft, multi-factor authentication (MFA) can block account compromise attacks. What is MFA? Great question! It is the use of two or more authentication factors to verify a user’s identify before granting access, that engages at least two of the following:

  1. Something you know, like a password
  2. Something possessed, like a token or smartcard
  3. Something you are, like biometric scan of fingerprint

When is MFA needed? Another great question! When remote accesses is required, for those with administrative privileges, and of course, remote access to email.

94% of ransomware victims did not use multi-factor authentication (MFA), according to a recent study by a well known cyber security consultant. A recent client was gigged for over $400k due to a failure to use their own MFA policies. We can use all the high tech apps at our disposal, but the weakest links continue to be something someone does on the inside of the firewall.

— John Troxel, VRICyber