Part II of our blog series on the rise in ransomware examines the key takeaways from ransomware attacks and how companies globally can protect their PHI, PII and payment data using a mix of encryption and tokenization, so that if a ransomware attack does occur, no clear-text data can be leveraged for a payout. Learn more about the cause and effect of ransomware, 2021 attack trends and some of the highest profile ransomware attacks of 2021 in Part I of our blog series, or download the full security brief today.
Key Takeaways from 2021 Ransomware Attacks
Among the key takeaways in 2021 are an appreciation of the surging costs of damages and new government initiatives to get them under control.
High costs: The costs of ransomware go beyond the price of the ransom payment, and include downtime, mitigation costs, rising insurance premiums and reputational damage. Ransomware damages averaged $4.62M in IBM’s Cost of a Data Breach Report, with mega-breaches carrying price tags as much as 100 times higher.
Government response: With the rise in ransomware attacks, the U.S. government has become more alert to the threat. In August of 2021, senior U.S. senators proposed legislation that would not only double down on protection against ransomware, but also sanction countries that harbor cyber criminals. The bill, called the Sanction and Stop Ransomware Act, would classify countries that cooperate with the demands of ransomware criminals as “state sponsors of ransomware.” It would also create tougher restrictions on cryptocurrency — a common form of ransom.
A number of attacks against research and healthcare facilities during the COVID-19 pandemic brought home the need to protect essential functions from ransomware attacks. In one such response, the U.S. Senate is now considering the Defense of United States Infrastructure Act, to strengthen cybersecurity within the nation’s infrastructure.
Protect Your Data from Ransomware
Ransomware legislation is in the works, but until legislators can put these laws into action, businesses must take the initiative to protect their own data from ransomware threats. At Bluefin, we offer PCI-validated point-to-point encryption (P2PE) and tokenization solutions that ensure clear-text payment data, Personally Identifiable Information (PII) and Protected Health Information (PHI) stay out of your system and are securely stored.
PCI-validated P2PE for Payment Security
Bluefin was the first company in North America to earn Payment Card Industry (PCI) validation for our point-to-point encryption (P2PE) solution in 2014. P2PE is an encryption standard established by the PCI Security Standards Council (SSC) that requires card data to be encrypted immediately upon swipe, dip, tap or key entry in a P2PE-certified payment terminal, with decryption performed in hardware outside of the merchant environment.
There are many payment encryption products on the market, but only those solutions validated by the PCI SSC have met rigorous standards for encryption, decryption, key management and chain of custody for POS payments. Benefits include:
- PCI scope reduction: Reduce your PCI scope and annual attestation to a PCI P2PE self-assessment questionnaire (SAQ), with just 33 questions.
- Cost savings: Save time and money on security environments, including penetration testing, employee overhead and firewalls.
- Brand protection: Data breaches that expose consumer data damage the brand, lower consumer confidence and can cost millions.
ShieldConex for Data Security
ShieldConex® utilizes both hardware-based encryption and vaultless tokenization to secure PII, PHI and cardholder data (CHD) entered online. ShieldConex immediately masks sensitive data upon entry through Bluefin’s iFrame or APIs, ensuring that it never travels through a system or network as clear text, where it could be accessible in the event of a data breach. Benefits include:
- Flexibility: Select any data element that you want to protect, from social security numbers to health information, to CHD or ACH Account Data.
- Omnichannel tokenization: Generate the same format-preserving token across card type and utilize one common token to identify where and how your customers are purchasing.
- Cloud-based implementation: Quickly implement ShieldConex in 2-7 days with no costly on-premise installation or data storage requirements on your system.
- Merchant control: Maintain control of your Ecommerce page without processing or transmitting sensitive data with our iFrame API option.
Combined, P2PE and ShieldConex provide the most secure and holistic solution for ransomware payment and data protection. Download our full security brief on ransomware, or learn more about Bluefin’s products.