No single action alone will protect a firm from cyberattack, but there are both simple and complex activities that can be undertaken to help firms resist attack and improve their resilience.
Employee training, security experts say, is particularly important.
“People are the last wall of protection. If employees are able to identify phishing, they can avoid huge claims. IT security, technical processes and people go hand-in-hand when combatting the growing problem of ransomware,” says Allianz Global Corporate & Specialty (AGCS) regional cyber practice leader, Jens Krickhahn. “Only a few companies end up paying ransom demands, usually those that are least prepared. Organizations that have good patch management and backup processes are able to rebuild systems and get back to business quickly without having to pay ransoms. Training is particularly important.”
In two separate reports, the Allianz Risk Barometer 2021 and Managing the impact of increasing interconnectivity: Trends in cyber risk, AGCS recommends that companies:
- Have dedicated business continuity plans and training. Test your response plans.
- Have good patch management and backup processes.
- Keep software up to date.
- Teach employees to log out of their devices when not in use.
- Make clear distinctions between devices for business and personal use. Do not transfer work between the two.
A full overview of IT security measures can be found in the company’s report, Coronavirus: Staying Cyber-Secure Through the Pandemic.
Similarly, international specialty insurer Hiscox Ltd. publishes the Hiscox Cyber Readiness Report. It recommends that companies work hard to do the basics well. In particular, it recommends that companies:
- Invest in training.
- Get management involved – make cyber security a top priority for executive management.
- Identify every device.
- Back up every device.
- Learn from every breach.
“Experts are more likely to up their game following a breach through regular security evaluation, ensuring additional security and audit requirements are in place,” Hiscox’s authors write. The report also says experts will direct a larger proportion of their IT budgets to cyber security. “More of them plan to lift spending in every cyber-related area in the year ahead,” says the report.
Finally, for those concerned about ransomware, IBM Security publishes recommendations for responding to a ransomware attack in its 2021 edition of the X-Force Threat Intelligence Index. It suggests companies prepare for ransomware attacks well ahead of time:
- Preparation is key, they say. “Implement and practice response plans for a ransomware attack, including blended ransomware and data theft extortion techniques,” says IBM Security.
- Safely store data backups offline. These can enable an organization to recover more quickly and independently. It’s estimated by some that the cost of recovery can sometimes equal what cyber criminals demand when extorting companies, not including the cost of reputational damage, which often far outstrips the cost of data recovery.
- Implement in-depth defense plans. “Use a multi-faceted approach, such as employing multifactor authentication on every access point into a network, ensuring endpoint visibility, proactive threat hunting, performing regular penetration tests to identify weak points in a network, and quickly patching and mitigating known vulnerabilities,” says the report.
“Every industry has its share of risks. The year-over-year shift in industry-specific targeting highlights the risk to all industry sectors and a need for meaningful advancements and maturity in cybersecurity programs across the board,” IBM writes in its X-Force report. “In 2021, a mix of old and new threats will require security teams to consider a lot of risks simultaneously.”