Different types of information have different values on the Dark Web. According to research firm, Comparitech, personal information from typical Canadian citizens including social security numbers, credit card numbers, banking information, etc. sells for just $15.00 on average per record. How do they get into my network/systems/information? More sensitive information (including current login credentials for a PayPal account for example) will sell for hundreds of dollars or more. One way or the other, once information has been stolen, the digital thieves will find a market for it somewhere and retrieve some value from it, whether in cash (bitcoins) or in trade, bartering their stolen information for other stolen information they desire.

Ransomware is malicious software designed to make your computer inaccessible by encrypting all of the files and holding them hostage. If your computer is connected to a network, it will usually try to spread to any other computers on the network and infect their files too. The only way to decrypt your files is by paying a ransom and retrieving a decryption key. About 40% of the time, this works to get some/all of your files back, meaning 60% of the time, people decide to pay the ransom, they still don’t get their files back. Many companies choose to go to their backups instead of paying ransom, which will take some time, but is a safer option to ensure you get access back to your files. That’s assuming you have a backup, and assuming your backup is offsite and offline and didn’t get encrypted by the ransomware. The other trend with ransomware is that it’s not only encrypting the data, it’s also making a copy of all the data and sending it offsite to the hackers. So not only is your data encrypted and you can’t access it, they also have a copy of it, meaning they can demand a ransom to unlock your files AND a ransom to return the files they stole or at least agree not to sell the information or disclose it publicly.

Malware is loosely defined as software that, when installed on your pc, laptop, server, etc., does things that you really don’t want to happen. It could delete files, change your browser path, or create what’s known as a C&C (Command & Control) connection to an external server, allowing a hacker to connect directly into your PC without you knowing. It can run silently and hide in the background, stealing your banking credentials when you log into the bank. There are a plethora of different types of malware, suffice it to say, they are all bad to some degree, the best deterrent is a good anti-malware protection software on your PCs, and if possible, something at your firewall blocking the bad stuff from coming into the network entirely.

Viruses are bits of computer code that are designed to perform a specific purpose, as well as usually designed to propagate from one computer to another on a network. Anti-virus software is designed to detect these bad-behaving bits of code and prevent them from doing what they were originally designed to do. Anti-virus can run on the PCs themselves and can also run on a firewall scanning network traffic, or on a mail server scanning all of the attachments on emails. Ideally it downloads signatures which are basically lists of known virus behaviours on a regular scheduled basis, allowing it to detect new viruses soon after they are released.

If you get infected with ransomware, malware, get a virus that reeks havoc on your network, or someone breaks into your network and steals something or causes some type of damage, you’re going to have to figure out what went wrong, how they got in, whether they’re still in, what if anything was stolen, etc. All of this is usually done by cybersecurity experts, and they don’t work for free! That’s where your cyberinsurance policy kicks in: it can cover the cost of paying a ransom should you choose to do so, recovery costs from breaches, even cover the costs of having to contact everyone affected by a breach of your systems if required. As to whether you need it, that’s ultimately your decision, but we highly recommend that some type of cyberinsurance is a component of your incident response strategy, whether you’re a company of 2 or 2,000.

The difficulty to protect yourself is tied to a number of factors: how much data assets do you have that need to be protected, how many employees, how many locations, how many Internet connections, etc. The more complex your environment, the higher-profile your organization is, and the types of data you store, all have an impact on what it will take to adequately protect yourself. We talk about adopting a “Defense in Depth” approach which is where you don’t assume any single security solution is sufficient to protect you, but rather plan on overlapping solutions so that even if one fails, the next one is there to provide backup and prevent the bad guys from winning. An example of this might be a firewall that provides protection at the edge of your network, along with anti-virus/anti-malware/anti-ransomware running on your local user’s machines. Ideally the firewall keeps all the bad stuff out, but even if it misses something, the protection software on your endpoint is there to prevent the bad stuff from succeeding. Throw in backups of your key data sources offsite and offline, and you have an additional level of protection, even if both the firewall and the endpoint protection fail. The goal is to ensure that, one way or the other, you prevent where possible, detect where feasible, and have multiple ways to recover, just in case.

Protecting yourself and your company can take a lot of different approaches. Some of them are free and simply rely on open source tools, your knowledge and time, some one-time costs to purchase hardware or software, and some may choose ongoing costs to have a regular service in place. Whichever you choose (and you don’t have to choose just one, many companies have 1, 2 or even all 3 approaches in their organization), make sure you choose SOMETHING and understand what it is, and if it’s sufficient to protect the basics: your users, your network, and your data.

Detecting a problem allows you to become aware that something bad may be happening. Protecting your systems on the other hand, ideally prevents something bad from happening even if you have no way of detecting it. The two usually go hand in hand and are part of a good Defense in Depth approach to cybersecurity. Early detection of a problem can give you the opportunity to shut things down or block bad connections before someone is successful at compromising your network or systems. But in order to be able to respond, you need to have people or systems (or both!) in place to do something when bad behaviour is detected. As a small business, if you can’t afford to do both, invest heavily in protection first. Ideally your protection solution will have some detection and response capabilities built-in!