A gym with close to 1,000 clients was recently hit by a ransomware attack. The manager had bought some equipment and soon after received an email claiming there was an outstanding invoice with a PDF invoice attached. The manager tried to open the attached PDF but nothing happened, and carried on working. When he went back to the computer to access the document, the files were all locked, and a ransom pop up notice appeared, demanding payment to unlock their files. The attachment was a ransomware file that had infected the computer when it had been clicked on. The gym had not backed up or stored their data and so lost all their client records. To recover, the gym had to start from scratch to rebuild records while maintaining day-to-day operations like classes and personal training. CERT NZ advised the gym to secure its systems by backing all data regularly and installing antiservices. This case is included in the second quarter report of CERT NZ, and highlights the rising costs to enterprises from cybersecurity incidents. Financial losses reported between 1 April and 30 June were $6.5 million, up from the $1.7 million reported in the previous quarter. Of the 1197 cyber reports during the second quarter this year, 21 per cent reported some type of loss. Losing money is not the only impact businesses and individuals experience. Cyber incidents can also result in other types of loss like data, reputational and operational Rob Pope, CERT NZ “It’s evident that cyber incidents can result in financial loss,” saysCERT NZ director Rob Pope. “However, losing money is not the only impact businesses and individuals experience. Cyber incidents can also result in other types of loss like data, reputational and operational.” Rise of ransomware The report for the second quarter of the year highlights a 38 per cent increase in ransomware attacks from the three months. CERT NZ says ransomware incidents have remained steady since 2017, making up 2 to 3 per cent of total reports received. This quarter, CERT says it has received 22 ransomware reports. The attacks are mainly targeted at businesses, through email attachments or out-of-date software vulnerabilities. Small businesses are increasingly experiencing the impacts of ransomware attacks, and the consequences are not always financial, says CERT NZ. The gym, for instance, faced a reputational risk. The manager informed clients of the incident and that their files had been lost. CERT NZ strongly recommends not paying the ransom as it does not guarantee files will be recovered. It advises organisations to protect themselves from ransomware by: Keeping their operating system and apps up-to-date: Update to new versions when they’re available. You can set this up to happen automatically with major operating systems like Windows and MacOS, and common applications like Office. Making sure they back up their files regularly: You can use an external hard drive or cloud service. This includes the files on your computers, phones and any other devices. Installing antivirus software: Running antivirus software and updating it regularly helps keep your device safe. Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz Related content feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers interview Stepping up to the challenge of a global conglomerate CIO role Dr. Amrut Urkude became CIO of Reliance Polyester after his company was acquired by Reliance Industries. He discusses challenges IT leaders face while transitioning from a small company to a large multinational enterprise, and how to overcome them. By Yashvendra Singh May 26, 2023 7 mins Digital Transformation Careers brandpost With the new financial year looming, now is a good time to review your Microsoft 365 licenses By Veronica Lew May 25, 2023 5 mins Lenovo news Alteryx works in generative AI for speedy analytics results OpenAI integration and AI wizardry for report generation are aimed at making Alteryx’s analytics products more accessible. By Jon Gold May 25, 2023 3 mins Analytics Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe