Published: July 15, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Those directly affected by the Colonial Pipeline ransomware attack earlier this year will tell you it hit home in a very real way. However, up until the attack, those same people would likely shrug their shoulders at the mention of ransomware. This high-profile hit that shut down 45% of the East Coast’s fuel made ransomware a household word. The way it played out made ransomware attacks a reality for U.S. citizens and provided a necessary wake-up call for industries of all types. The lessons learned are many, but mostly that much more needs to be done to keep ransomware at bay – and this lesson should never be forgotten.
Can Your Business Afford a Ransomware Attack?
According to various studies, there were 304 million ransomware attacks worldwide in 2020. The financial cost of an individual recovery was well over $700,000 last year, with a projected cost of $1.85 million this year. On average, it takes a victim 197 days to identify a ransomware attack, and nearly 70 days to recover after that. Also, putting a price tag on the damage to a company’s reputation after such an attack can be impossible to calculate.
Many companies choose to keep their fingers crossed as their approach to cybercrime protection – and we know that never ends well. Also, law enforcement and government agencies have yet to find a way to successfully tackle ransomware groups. The lesson here is that it takes a concerted effort with all involved to keep ransomware attacks from crippling businesses, critical supply chains, and other ripe targets like hospitals, entire cities, and financial services.
The FBI insists on victims not paying the ransom since it only encourages further attacks. There’s also no guarantee that criminals will keep their word and return the encrypted data after the ransom is paid. The lesson learned here is the importance of being prepared for these attacks.
Good backups are the key and storing them offline is critical. While every organization is different, some security experts recommend the 3:2:1 approach. That’s 3 sets of backups, utilizing 2 different media, and keeping 1 offline.
A company is only as strong as its weakest link, and employees are often the first line of defense against most cybercrimes. And since 94% of ransomware is delivered via email, regular and continuing cyber education for all involved helps prevent cyberattacks in general, including ransomware. Security weakness on the part of vendors and clients can also lead to attacks on a business. All considered, it’s in a company leader’s best interest to provide cyber education as an investment in their company’s future success.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com