Many businesses wrongly assume they aren’t attractive to cybercriminals, either because they believe their operations aren’t big enough to become a target or because they feel the data they store isn’t lucrative enough to seek out. The truth is that every business has some form of cyber exposure, and cybercriminals don’t discriminate based on a business’s operations or size. In fact, research has found only a small difference in ransomware attack rates between small organizations (fewer than 1,000 employees) and larger organizations (more than 1,000 employees).6
Ransomware attacks are particularly harmful because they encrypt critical data, and a business can’t use that data again until it restores from backups or pays for the decryption key. Attackers may demand anywhere from a few hundred dollars to millions of dollars before releasing ransomed data. Additionally, whether the ransom is paid or not, businesses have to contend with significant business interruption expenses, which have also been increasing in recent years. According to a Coveware report, the average ransom payment more than doubled in the final quarter of 2019, rising to $84,116 from $41,198 in the previous quarter.7
Even if businesses pay the ransom, there’s no guarantee they will get their files back or that they will be returned in a usable state. Some data even suggests that paying a ransom often doubles the cost of dealing with a ransomware attack.6 Ransomware payments are typically made in bitcoin or other cryptocurrencies; although transactions are recorded on a public ledger, tying a payment to a real-world identity and recovering the funds is very difficult.5 Furthermore, once a business has been infected, it may face long-term reputational harm, have to pay a considerable sum for forensics experts to investigate its systems, or invest in additional IT expenses to prevent future attacks. Thankfully, though, when it comes to ransomware, businesses aren’t without recourse. Cybercrime victims or third parties can file an internet crime complaint with the FBI’s Internet Crime Complaint Center (IC3).
How businesses can protect themselves
To protect their operations, businesses should consider the following strategies recommended by the Cybersecurity and Infrastructure Security Agency (CISA)8:
- Train employees on the different kinds of ransomware and what to look out for; employees should know how to spot potentially malicious links, attachments and websites, and understand how to report issues to their IT department
- Create a data backup and recovery plan for all critical information; keep backups offline or otherwise isolated from the network they protect, since ransomware will encrypt any backup it can reach, and test restores regularly so the plan is known to work before it is needed
- Block malicious IP addresses using firewalls
- Use application whitelisting to execute only programs known to be safe
- Patch networks and update systems regularly; vulnerable applications and operating systems are the targets of most attacks, and patching them reduces the number of entry points available to an attacker; businesses should also ensure that antivirus software is up to date and that they use strong spam filters to prevent malicious emails from reaching end users
- Restrict employees’ ability to install and run unwanted software, and apply least privilege: employees should be able to access only the systems and data required for their roles, which limits how far an infection can spread and helps businesses contain an attack more quickly should one occur
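The backup point above is the one most often done badly: a backup that has never been restored, or that sits on a share the ransomware can write to, is not a recovery plan. The script below is an added example, not part of CISA’s guidance or of the original article. It backs up a directory, records a checksum manifest of every file and of the archive itself, and then proves the backup by restoring it to scratch space and re-checking every file. The directory names, the `nightly` job name and the sample files are all constructed for the demo; in practice the backup location would be a detached disk or an object-lock bucket that the host cannot overwrite.

```shell
#!/bin/bash
# Added example: back up, then prove you can restore.
# Assumed layout (not from the page): SRC is the data directory, BACKUP_DIR
# is somewhere the host cannot normally write to. For this offline demo both
# are plain temporary directories.
set -eu

# Portable SHA-256: GNU coreutils has sha256sum, macOS has shasum.
sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# make_backup SRC BACKUP_DIR NAME
# Writes NAME.tar.gz, NAME.sha256 (checksum of every file captured) and
# NAME.tar.gz.sha256 (checksum of the archive). The manifests are what let a
# later restore prove that nothing was lost or altered in the meantime.
make_backup() {
  local src=$1 dest=$2 name=$3
  mkdir -p "$dest"
  ( cd "$src" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do sha256 "$f"; done ) \
    > "$dest/$name.sha256"
  tar -czf "$dest/$name.tar.gz" -C "$src" .
  ( cd "$dest" && sha256 "$name.tar.gz" ) > "$dest/$name.tar.gz.sha256"
}

# verify_backup BACKUP_DIR NAME
# Returns 0 only if the archive is intact, extracts cleanly, and every
# restored file matches the manifest taken at backup time. Anything else,
# including an archive that ransomware has overwritten, returns 1.
verify_backup() {
  local dest name scratch
  dest=$(cd "$1" && pwd); name=$2
  scratch=$(mktemp -d)
  # 1. Has the archive itself been altered since it was written?
  ( cd "$dest" && sha256 -c "$name.tar.gz.sha256" >/dev/null 2>&1 ) || { rm -rf "$scratch"; return 1; }
  # 2. Does it actually restore?
  tar -xzf "$dest/$name.tar.gz" -C "$scratch" 2>/dev/null || { rm -rf "$scratch"; return 1; }
  # 3. Does every restored file match what was backed up?
  ( cd "$scratch" && sha256 -c "$dest/$name.sha256" >/dev/null 2>&1 ) || { rm -rf "$scratch"; return 1; }
  rm -rf "$scratch"
  return 0
}

# demo: constructed sample data, one backup, one good restore test, then a
# simulated ransomware overwrite of the archive that the restore test catches.
# Prints the two verification exit codes; expected "0 1".
demo() {
  local work before after
  work=$(mktemp -d)
  mkdir -p "$work/data/finance"
  printf 'invoice 1001\n' > "$work/data/finance/q1.txt"   # constructed sample file
  printf 'payroll\n'      > "$work/data/hr.txt"           # constructed sample file

  make_backup "$work/data" "$work/backup" nightly
  before=0; verify_backup "$work/backup" nightly || before=$?

  # Simulated ransomware: the archive is "encrypted" in place. A backup that
  # the infected host can write to is exactly what this catches.
  head -c 64 /dev/urandom > "$work/backup/nightly.tar.gz"
  after=0; verify_backup "$work/backup" nightly || after=$?

  rm -rf "$work"
  echo "$before $after"
}
```

Run `demo` and it prints `0 1`: the restore test passes on the fresh backup and fails once the archive has been tampered with. In a real plan the verification step would run on a schedule against the isolated copy, and a non-zero result would page someone, because a backup you discover is unusable on the day of the incident is no better than no backup at all.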
Above all, companies need to have an incident response plan for ransomware and other cyberattacks. Plans should account for employee training and drills to ensure that staff members understand what to do in the event of an incident. Plans should also include clear communication strategies, including out-of-band channels, so that key stakeholders can disseminate critical information during emergencies even while email and other computer systems are compromised or unavailable. Plans should also be reviewed regularly to ensure they account for the latest threats.
Businesses can prevent and mitigate cyberattacks by building a culture around cybersecurity. Employee training, investing in the right technologies and partnering with the right experts helps in this endeavor. The cyberthreat landscape is incredibly complex, and it’s crucial for businesses to work with proven experts who understand the most common threats and the strategies that organizations should employ to safeguard their data and their business.
Businesses should also secure a cyber insurance policy that’s customized to the unique needs of their organization. This policy should be reviewed regularly with their agent to ensure it addresses evolving threats and business practices.