Calculating the true cost of a ransomware attack is a notoriously difficult task for businesses. There is the immediate cost of getting business operations up-and-running again but there is the reputational damage and break down in investor confidence to consider as well.
According to a Ransomware Victims Report carried out in 2021, over half (55%) of US-based IT decision-makers whose organisation had experienced a ransomware attack in the last two years chose to pay a ransom. The average payment was $223,000, with 14% paying $500,000 or more. In addition, these organisations spent an average of $183,000 on other costs directly related to the attack, with 37% of respondents paying at least $100,000 more.
For many businesses, this daunting figure of almost half a million dollars is just the beginning. 52% of the IT decision-makers said their organisation suffered substantial reputational damage following a ransomware attack. For publicly listed companies, this can seriously affect their share price. Just look at the high-profile Equifax hack of 2017. Following this, the company’s share price dropped by 31% and took two years to recover.
Smart attackers understand how important a company’s share price is to its board, which is one of the reasons ransom demands continue to increase.
The difficulty of keeping ransomware out
Ransomware is insidious, and once it enters an organisation it can spread like wildfire. Research found that in over half of successful attacks (56%), attackers gained control of their victims’ data and demanded a ransom within just 12 hours. In the case of phishing-led attacks, this figure rose to 76%.
Of the victims surveyed, 49% had perimeter defences such as anti-malware in place before the attack, 54% had invested in anti-phishing training for employees and 43% had implemented internal access controls. As these figures demonstrate, even organisations with robust cyber-attack prevention mechanisms can fall victim to ransomware attacks.
Unfortunately, paying a ransom does not guarantee that your data will be returned. As you can imagine, cyber criminals can’t always be relied upon to keep up their end of the bargain. In fact, only 57% of survey respondents who paid a ransom had all their data restored. Plus, cyber insurance is not the panacea that many think it to be. 79% of respondents had cyber insurance, which covered an average of just 60% of their ransomware payment and other costs. What’s more, 88% of cyber insurance holders saw a significant increase in their premiums post-attack.
A change in strategy
So, what can organisations do to protect themselves? The harsh reality is that businesses need to accept that it’s not a case of if they’ll fall victim to a ransomware attack, but when. As such, it makes sense for IT decision-makers to adopt a cybersecurity strategy that focuses on recovery as much as prevention. More specifically, organisations should have an immutable, or unchangeable, backup copy of their data. Put simply, an immutable backup uses WORM (write once, ready many) storage to prevent hackers from encrypting or deleting data for a specified period. Then, when an attack happens, organisations can quickly restore the uninfected backup copy without having to pay ransom.
Data immutability can now be easily implemented and run automatically as part of a standard backup process. This not only enables ransomware victims to minimise disruption and recovery costs but also helps break the cycle of ransomware payments funding further, more sophisticated, attacks.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.