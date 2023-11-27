Ransomware attacks are on the rise, but experts say there are steps companies can take to avoid — or recover from — a breach.

Fidelity National Financial, a Jacksonville, Florida-based company that provides title insurance and settlement services for the real estate industry, revealed last week that it had suffered a cyberattack. These kinds of attacks are becoming more common, but there are steps companies of all sizes can take to mitigate the impact.

In a November 21 filing to the Securities and Exchange Commission, Fidelity National Financial said that “an unauthorized third party accessed certain FNF systems and acquired certain credentials.” The company also said it was working with law enforcement and cybersecurity professionals to address the incident, which resulted in disruptions to the mortgage-related services it provides.

The ransomware group BlackCat has claimed responsibility for the attack. BlackCat was linked to the Colonial Pipeline hack that caused gas prices to spike in the spring of 2021 and the hack of MGM Resorts earlier this year. According to the Federal Bureau of Investigation, the ransomware group, which is also referred to as ALPHV, had compromised more than 60 entities through March 2022. Ransomware attacks on companies continue to increase and evolve, according to experts. From January to June of this year, blockchain analysis firm Chainalysis identified $449.1 million in extorted crypto–$175.8 million more than during the same period last year–and the true numbers are likely significantly higher. Earlier this month, a U.S.-based subsidiary of the Industrial and Commercial Bank of China suffered a ransomware attack, disrupting Treasury markets in the U.S.

Government agencies discourage paying ransom, and the Cybersecurity & Infrastructure Security Agency offers resources for small businesses to improve their security practices. Still, most small and medium businesses are forced to close up shop after a ransomware attack, and many business owners say the guidance provided by government agencies is difficult to implement for businesses with limited resources.

Joe McMann, the head of cyberservices for Stow, Ohio-based cybersecurity firm and Inc. 5000 honoree Binary Defense, says companies should be particularly alert to social-engineering attacks, in which a person is tricked into handing over sensitive information. For example, a scammer might pretend to be a member of the company’s IT department, and ask for access to an employee’s computer. Along with educating employees to be aware of suspicious behavior, McMann suggests putting in place processes to make it harder for a breach to occur. For small businesses, that might involve scrutinizing the requirements to reset passwords, create new accounts, or access systems remotely. He recommends introducing “speed bumps” that make systems harder to access, such as requiring multifactor authentication to access email. Companies should also look out for anomalies, such as systems being accessed at odd hours or unusual data transfers.

Security experts such as McMann recommend following the principle of “segregation of duties,” or ensuring that certain important processes are broken into discrete parts that are handled and approved by different people or departments. That can help with both mitigating internal threats and limiting the damage if an outside party gets access to a business’s systems.