The growing threat of ransomware in recruitment

Guest blog by REC accredited partner Marsh Commercial

The threat from ransomware - a form of cybercrime – first gained widespread notoriety in 2017 when an attack dubbed ‘WannaCry’ infected 250,000 computers in more than 150 countries, including the NHS in the UK.[i]  Since then however, the risks have increased significantly, with attacks doubling in the space of a year, leaving every industry under threat, including recruitment.[ii]

In simple terms, ransomware is a type of malicious software (malware) used by cybercriminals. Once installed, it encrypts a victim’s data until a payment is made to the attacker. What’s more, if the ransom payment is not made, the criminals often publish stolen data on the dark web as well as blocking access to computer systems in perpetuity.[iii]

The knock-on effects of these attacks can be significant. Lack of access to computer systems clearly impacts every aspect of day-to-day operations, harming productivity and revenue, but they also damage computer systems and damage reputations. Overall, it is thought that the average cost of dealing with a ransomware attack doubled during 2021 – rising from around £550,000 to around £1.3m – with the average ransom paid standing at more than £125,000.[iv]

To add to this, if the attack results in a leak of personal information – which may be a heightened risk for recruitment firms - further significant costs can follow, from the expense of dealing with the breach, to big fines from the Information Commissioner’s Office.[v]

Ransomware in recruitment

In recent months, ransomware attacks on recruitment companies have been in the news, with a number of firms reporting serious incidents.

For instance, in September 2021 administrative staffing agency Career Group was hit by a ransomware attack that led to the leak of personally identifiable information affecting 49,476 individuals.[i] In the same month, Giant, a workforce management software and support services firm supplying recruitment agencies worldwide, was affected by a similar incident.[ii]

Then, in December 2021, Finite Recruitment fell victim to a ransomware attack during which cybercriminals claimed to have stolen over 300Gb of data – including customer databases, contracts and financial data.[iii]

Given the potential consequences of being caught out, and the risk facing recruitment firms, it is now vitally important to understand how ransomware works and take steps to defend against attacks.

Ransomware: How it works

Every ransomware attack is different of course, but most follow a similar pattern – starting with unauthorised computer system access and ending with an attempt at extortion:³

1. Gaining access

Cyber-criminals will start by targeting your organisation using a range of techniques to gain access to computer systems. That could simply be a traditional ‘hack’ - exploiting a vulnerability to gain access - or could involve a phishing email campaign designed to trick employees into clicking on malicious links or attachments.

2. Malware installed

Either way, once the attackers gain access, they are free to install malware on your company’s computer systems. This malware can explore the system, for instance looking for further vulnerabilities or sensitive data.

3. Ransomware deployed

The cybercriminals use the access they have achieved to deploy a strain of ransomware which spreads across your network, encrypting files, locking down networks, disrupting your business, and potentially stealing large quantities of data.

4. Extortion

At this point, the attackers will demand money in return for a decryption key and/or stolen data. It is believed that around 32% of organisations affected by ransomware in 2021 paid the ransom - though only 8% of them were subsequently able to get back all their data.[i]

Five ways to reduce the threat from ransomware

 As with any potential business risk, prevention is better than cure – and, while no organisation can ever be 100% free from the threat of ransomware, there are some simple steps you can take the reduce the risk:

1. Training

Make cyber-security awareness a priority and run phishing email campaigns to help employees recognise attacks.  Start by downloading our interactive test and circulate to your team.

2. Backups

Segment backups properly to prevent malware from spreading and infecting them and follow the 321 backup rule, which states that you should have three copies of your data – two different backup formats, and one backup stored offsite and offline.[i]

3. Lock down remote desktop ports

Remote desktop ports are designed to enable access to a computer from a remote location and, if not secured correctly, can leave a door open for cybercriminals. So, close down remote desktop ports on all devices, or if that’s not possible, ensure that access is controlled by multi-factor authentication.

4. Multi-factor authentication

For any remote connection to the network or business application, require a password as well as a second factor – typically a security code delivered to a registered mobile device. This makes it more difficult for attackers to gain unauthorised access.

5. Patching and anti-virus

Patches are quick updates designed to fix or improve software functionality - and are often deployed to quickly shore up security vulnerabilities.[ii] It is very important to install patches as soon as they are available, so turn on automatic patching of your operating system and internet browsers if possible. Similarly, stay on top of anti-virus software updates, which are often released in response to new and emerging threats that can go unnoticed if the anti-virus software is out-of-date.

If you need more advice on reducing the risk of cyber attack on your recruitment business, listen to the podcast below featuring: 

• Fiona Barker, Cyber Account Director, Marsh Commercial
• Peter Stoll, Recruitment Division Director, Marsh Commercial

Ransomware and role of cyber liability insurance

The sad truth is that ransomware attacks have proven highly effective for cybercriminals and, as a result, they are becoming more sophisticated.² In turn, that means no organisation can be completely safe, so it is also important to think about minimising the impact if the worst should happen.

That is where a cyber liability insurance policy can be invaluable, providing comprehensive cover as well as access to a team of breach specialists to help address the incident at pace. The right cyber liability policy should cover liabilities across media, data security, viruses and hacking – as well as helping with the cost of computer systems restoration, customer notification, credit monitoring and legal fees when necessary

Our team has experience of dealing with cyber risk so, if you need support, advice, or further information get in touch.

1. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
2. https://www.theguardian.com/uk-news/2021/oct/25/ransomware-attacks-in-uk-have-doubled-in-a-year-says-gchq-boss
3. https://www.crowdstrike.com/cybersecurity-101/ransomware/
4. https://threatpost.com/true-impact-of-ransomware-attacks/168029/
5. https://www.itgovernance.co.uk/dpa-and-gdpr-penalties
6. https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers
7. https://www.contractoruk.com/news/0015214giant_group_hacked_suspected_ransomware_attack.html
8. https://blog.koddos.net/finite-recruitment-loses-300gb-of-data-in-ransomware-attack/
9. https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year
10. https://www.datto.com/blog/backup-strategy-what-is-the-3-2-1-backup-rule
11. https://heimdalsecurity.com/blog/what-is-a-software-patch/

REC is an Introducer Appointed Representative of Jelf Insurance Brokers Ltd trading as Marsh Commercial, which is authorised and regulated by the Financial Conduct Authority (FCA). Not all products and services offered are regulated by the FCA (for details see https://www.marshcommercial.co.uk/info/regulation/). Registered in England and Wales number 0837227. Registered Office: 1 Tower Place West, London EC3R 5BU. MC220225416