Today, the vast majority of businesses depend on IT infrastructure to run their daily operations. Unfortunately, hackers also understand just how valuable this infrastructure can be, which is reflected by the growing prevalence of cybercrime. The consequences of cybercrime can be severe, and more organizations are losing money as a result. Cybercrime refers to a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. These crimes can lead to system outages, the loss of data, and the compromise of personal information - and they affect everyone, from individuals to all types of businesses and industries, even government organizations.
A Few Statistics on Cybercrime
During the past few years, cybercrime has become more common. According to research published by CSIS, cybercrime cost companies close to $1 trillion in 2020. One specific type of cybercrime is ransomware. In a ransomware attack, malware encrypts files throughout an organization, rendering them unusable. Companies are then pressured to pay a ransom to regain access to their files, which is costly - and costs continue to accumulate from loss of revenue, lost employee productivity, damage to your reputation and more.
A few statistics on ransomware include:
- More than half of businesses have faced a ransomware attack
- Half of all professionals do not believe that their organization is equipped to defend against a ransomware attack
- More than a quarter of businesses decided to pay a ransom to gain access to their data after an attack (although paying a ransom doesn't always guarantee data recovery)
- The average ransomware recovery costs for businesses have risen from USD$761,106 in 2020 to USD$1.85 million in 2021. These costs include the ransom payment, plus downtime, people time, device cost, network cost, lost opportunity, and other associated financial loss.
Because criminals are having so much success with ransomware attacks, the volume and sophistication of these attacks will continue to rise. Furthermore, during the COVID-19 pandemic, cybercriminals have been taking advantage of industries that have been hit the hardest, such as healthcare and education. Cybercriminals also see the pandemic as an opportunity to take advantage of employees who are now working remotely on their personal devices.
The Top Industries Being Targeted
When cybercriminals target companies with a ransomware attack, they usually choose companies that do not have the security infrastructure to defend against such an attack. They also target companies that they believe hold a lot of confidential information, because they can usually extract a larger ransom from a victim that needs to protect that information.
The top industries being targeted by ransomware attacks in 2021 include:
- Healthcare companies, which have time-sensitive information they need to take care of patients
- Finance and insurance companies, which are responsible for protecting a significant amount of confidential information
- Government agencies, which have confidential information on a lot of people
- Professional services firms, which might not be ready for such an attack
- Educational institutions, which frequently lack the technological capacity to defend against a ransomware attack
The truth is, there is no silver bullet to prevent a ransomware attack. Even the most protected and prepared businesses can fall victim to ransomware. However, businesses can take steps to lower their chances of falling victim to an attack.
What Businesses Can Do To Protect Themselves Against Ransomware Attacks
Clearly, ransomware attacks are a major threat and businesses need to take steps to defend themselves. A few key tips to keep in mind include:
- Understand the financial and non-financial impact that downtime could have on your business. Only when you know the potential costs can you decide how much to invest in your IT resilience plan. Use our simple downtime calculator to help you quantify the impact of downtime.
- Patch and keep your systems updated. This prevents attackers from exploiting known vulnerabilities for which fixes already exist.
- Apply strict multi-factor authentication (MFA) wherever possible. This limits the damage an attacker can do with a brute-forced or stolen password.
- Implement Least Privilege. Restrict permissions, and block access from unauthorized devices. Only give someone access to certain files when it is necessary for their role. This reduces the risk of hackers gaining access to the entire network if they steal someone's credentials.
- Protect your endpoints. Most ransomware attacks start with a compromised endpoint, so it's important to have proper security in place for the endpoints. Traditional antivirus is no longer enough, so more and more organizations are adopting Endpoint Detection and Response (EDR) to be better equipped to stop unknown processes and activities on a computer - which is important since ransomware is always adapting.
- Invest in a reliable and effective data protection strategy. If your infrastructure and data get encrypted by ransomware, it's important to have proper data protection systems and mechanisms. There have been numerous cases where backup data has also been encrypted as part of the ransomware attack, so there are a couple of aspects to consider. Firstly, backup services and systems should be "air-gapped" and "immutable" so that ransomware cannot directly access and overwrite (or change) the backup data. You should also follow the 3-2-1-1-0 Rule (3 copies of your data, on 2 different media, 1 copy offsite, 1 copy offline or immutable, and 0 errors after verifying the backups) to ensure that you can successfully restore your data if needed.
- Run Tests Regularly. Companies need to test their digital defences, data protection and data recovery strategies regularly to make sure they identify gaps and fill them before hackers can exploit them.
- Organize a Response Team. Companies should also have a plan in place for exactly what they will do if they are hit by a ransomware attack. Understand who will make decisions and how the company will respond.
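The backup and testing tips above can be turned into a check that runs against a backup inventory. The following is an added example, not code from the original post or from any vendor's product: it evaluates a hypothetical list of backup copies against the 3-2-1-1-0 rule (3 copies, 2 media types, 1 offsite, 1 offline/immutable, 0 errors in the latest restore test) and reports which parts of the rule are not met. The `BackupCopy` fields and the sample inventories are constructed for illustration.

```python
"""Evaluate a backup inventory against the 3-2-1-1-0 rule (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of the protected data, as recorded in a (hypothetical) inventory."""
    name: str
    media: str            # e.g. "disk", "tape", "object-storage"
    offsite: bool         # stored in a different location from production
    immutable: bool       # air-gapped, write-once or object-locked: ransomware can't alter it
    verify_errors: int    # errors from the last restore test; -1 means never tested


def check_3_2_1_1_0(copies):
    """Return (passes, failures).

    failures is a list of short codes naming each part of the rule that is not met:
      "copies"    fewer than 3 copies of the data
      "media"     fewer than 2 distinct media types
      "offsite"   no copy stored offsite
      "immutable" no copy that is offline or immutable
      "verified"  some copy was never restore-tested or had errors on its last test
    """
    failures = []

    # 3: at least three copies (production + two backups)
    if len(copies) < 3:
        failures.append("copies")

    # 2: the copies must span at least two different media types
    if len({c.media for c in copies}) < 2:
        failures.append("media")

    # 1: at least one copy must be offsite
    if not any(c.offsite for c in copies):
        failures.append("offsite")

    # 1: at least one copy must be offline/immutable, so ransomware can't encrypt it
    if not any(c.immutable for c in copies):
        failures.append("immutable")

    # 0: every copy must have been restore-tested with zero errors
    if any(c.verify_errors != 0 for c in copies):
        failures.append("verified")

    return (not failures, failures)


# Constructed sample inventories (not real systems).
WEAK_INVENTORY = [
    BackupCopy("primary-nas", "disk", offsite=False, immutable=False, verify_errors=0),
    BackupCopy("secondary-nas", "disk", offsite=False, immutable=False, verify_errors=-1),
]

COMPLIANT_INVENTORY = [
    BackupCopy("primary-nas", "disk", offsite=False, immutable=False, verify_errors=0),
    BackupCopy("cloud-objectlock", "object-storage", offsite=True, immutable=True, verify_errors=0),
    BackupCopy("tape-vault", "tape", offsite=True, immutable=True, verify_errors=0),
]


if __name__ == "__main__":
    for label, inventory in (("weak", WEAK_INVENTORY), ("compliant", COMPLIANT_INVENTORY)):
        ok, failures = check_3_2_1_1_0(inventory)
        print(f"{label}: {'PASS' if ok else 'FAIL'} {failures}")
```

The weak inventory fails every part of the rule: two copies on the same kind of disk, both reachable from the network and one never restore-tested, is exactly the setup that gets encrypted along with production. The compliant one passes because one copy is object-locked in the cloud and another is on tape in a vault, and all three have a clean restore test on record.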
These are just a few ways to prepare for a ransomware attack - it is certainly not a comprehensive list. If you are interested in learning more, or if you have any questions on how to elevate your data protection strategy, why not schedule a brief meeting with one of our data protection specialists HERE. We'd love to hear from you!