Oct 6, 2021, 10:14 am, IT
Being held to ransom has become a global threat for businesses of all sizes and in all industries from education to big pharma to government institutions. This case study looks at how businesses can protect themselves from cyber-attacks through detection, protection and recovery.
Ransomware is expected to attack a business every 11 seconds by the end of 2021 – Steve Morgan, Editor-in-Chief, Cybercrime Magazine
No organisation is safe from ransomware.
“Global ransomware damage losses projected to reach $20 billion this year” (Cybereason,2021)
Ransomware is a form of malicious software (malware) embedded on your computers and mobile devices by an external party. The malware restricts access files and documents and threatens data loss or exposure unless a ransom is paid. This attack can affect your entire network and extend to your back-ups if they are not isolated.
“By 2025, at least 75% of IT organisations will face one or more attacks, as free-rein researchers document a dramatic increase in ransomware attacks during 2020, pointing to sevenfold or higher rates of growth.” (Gartner, 2021)
Image credit: Cybereason
Ransomware is the fastest growing type of cybercrime. It is predicted that it will cost $20 billion in damages in 2021, which is 57 times greater than in 2015 (CyberCrime Magazine, 2019). It is a highly targeted and extremely damaging form of attack, and no industry or country is immune.
With the introduction of remote working due to the pandemic, private network vulnerabilities and misconfigurations are becoming a common entry point for attackers. It is vital that all employees know how to recognise a potential threat and take steps to limit their own, and the business’s, exposure to malware.
Ransomware attacks impact on your productivity, data and finances in the short term and can affect your reputation, employee morale and ability to stay in business in the longer term. Let’s look at this threat in more detail.
Ransomware is a very dangerous threat to organisations given the increased use of AI and cloud storage. Even though the attacks have increased over the last five years, ransomware attacks are often misunderstood, which leads to inefficient prevention measures and weak responses to successful attacks. Ransomware attacks often include the following stages:
This process takes time. Attackers can spend up to 200 days in your system before deploying the ransomware to encrypt or steal any data, including backup data if it is not isolated properly. The impact of these attacks can be devastating, causing up to 21 days of downtime and months to recover from. In some cases, a full recovery is not possible at all.
From an operational perspective, an attack would result in your systems being shut down to isolate the ransomware. This means that no-one can work. In the case of an attack in the healthcare industry, patients cannot be operated on, medicine cannot be dispensed, and life-saving machines go off-line. On average, systems can be down for between 16 and 22 days – this can literally be deadly. Many businesses have had to retrench employees to survive, and some have shut their doors permanently.
The financial impact on business goes beyond deciding to pay or not pay the ransom. Costs include damage and loss of data, reduced productivity, continued disruption post the attack while restoring data, reputational damage and need to update or change systems.
The impact on business extends past the operational and financial impacts. Business may be faced with compliance issues which can result in fines or business closure. Personal data protection is legislated and when a ransomware attack breaches a business’s data, leaving individuals exposed, business will need to prove they mitigated the risk by having the right systems in place. If they cannot then they leave themselves open to prosecution.
Unauthorised access to personal data also results in a loss in customer confidence. Customers could choose to use a competitor if any data issues are not resolved timeously.
So, what can businesses do to protect themselves? Below are three steps for defending your business against potential ransomware attacks.
In summary, ransomware attacks can occur in any organisation, in any country – no-one is safe. The costs of an attack include damage to and loss of data, lost productivity during and after the attack, investigations, the restoration of systems and data, reputational harm, employee retrenchments and resignations.
To prevent ransomware attacks, businesses should have good cyber security measures in place, such as, isolated backups, robust authentication, email and URL scanning and filtering, and prompt patching. But one of the best prevention techniques before an attack sits in the human element. Many cyber-attacks begin with a phishing attack. Training employees to recognise and defend against these attacks is a vital preventative measure that is not fully utilised across all organisations.
“Security awareness training for employees is the most under spent sector of the cybersecurity industry” says Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures.
Detect, Protect, Recover: How Modern Backup Applications Can Protect You From Ransomware, Nik Simpson and Ron Blair, Gartner, published 6 January 2021, https://www.gartner.com/doc/reprints?id=1-258HHK51&ct=210217&st=sb
How to Prepare for Ransomware Attacks, Mark Harris, Brad LaPorte and Paul Furtado, Gartner, published 20 November 2020, https://www.gartner.com/doc/reprints?id=1-26IYZ46A&ct=210615&st=sb
Ransomware: The True Cost to Business – Global Study on Ransomware Business Impact , Sam Curry, Cybereason, published 16 June 2021, https://www.cybereason.com/blog/report-ransomware-attacks-and-the-true-cost-to-business
The Caribbean And Ransomware: The Impact On Business, Hitachi Systems Security, 13 January 2021, https://hitachi-systems-security.com/the-caribbean-and-ransomware-the-impact-on-business/
Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021, Steve Morgan, 21 October 2019, Cybercrime Magazine, https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/