Understanding and preventing these expensive cyberthreats
August 2020 | General Industries
BY CATHERINE RUDOW
In today's ever-evolving and tech-forward world, cyberthreats are an unfortunate reality. Cybercrime impacts businesses regardless of their size, industry focus or cybersecurity budget. These threats are increasingly complex as cybercriminals deploy new and sophisticated tactics to exploit business networks for financial gain.
One common and damaging way cybercriminals target businesses is through ransomware attacks, which are among the most costly cyberthreats faced by organizations. In fact, by the first quarter of 2020, the average enterprise ransom payment was $111,605.[1]
The volume of ransomware attacks against commercial entities has increased significantly. Emsisoft, a security firm that helps companies hit by ransomware, reports that 205,280 organizations were affected by ransomware attacks in 2019 — a 41% increase from 2018.[2] And while many organizations understand the importance of preparing for attacks such as these, few understand the mechanics of ransomware attacks and the true extent of the damage they can cause.
Ransomware refers to a type of malware that gains access to and encrypts a victim's systems, devices or files, locking users out of their own networks. Once ransomware has infected a network, the victim is forced to pay a ransom to regain access to their data or systems. If the demands are not met, the encrypted files remain unavailable, or data may be deleted.[3] In more sophisticated schemes, attackers may exfiltrate data before locking systems, allowing them to extort even more from companies by threatening to disclose or sell their data if they don't pay.
Criminals can infect a business network with ransomware in a variety of ways, including tricking users into clicking malicious links in an email (i.e., phishing scams), taking advantage of poorly secured network ports or using "wormable" forms of ransomware that exploit network vulnerabilities. Victims are targeted through two types of campaigns:[4]
Opportunistic ransomware campaigns: Cybercriminals cast a wide net to gain access to a business's system. In these campaigns, ransomware attacks are mostly automated and are primarily spread through user-initiated actions. For instance, an employee could unknowingly open a malicious attachment in an email or visit a compromised website.
Many businesses wrongly assume they aren't attractive to cybercriminals, whether that's because they believe their operations aren't big enough to become a target or they feel the data they store isn't lucrative enough to seek out. The truth is that every business has some form of cyber exposure, and cybercriminals don't discriminate based on a business's operations or size. In fact, research has found that there is only a small difference in ransomware attack rates for small organizations (less than 1,000 employees) and larger organizations (more than 1,000 employees).[6]
Ransomware attacks are particularly harmful because businesses won't have access to critical data until they've paid up. Attackers may ask victims to pay anywhere from a few hundred dollars to millions of dollars before releasing ransomed data. Additionally, whether the ransom is paid or not, businesses have to contend with significant business interruption expenses, which have also been increasing in recent years. The average cost for victims of ransomware attacks to recover more than doubled in the final quarter of 2019. According to a new report from Coveware, a typical total now stands at $84,116. That's a little over double the previous figure of $41,198.[7]
Even if businesses pay the ransom, there's no guarantee they will get their files back or that they will be returned in a usable state. Some data even suggests that paying a ransom often doubles the cost of dealing with a ransomware attack.[6] Ransomware payments are typically completed using bitcoin or other cryptocurrencies, which are nearly impossible to track.[5] Furthermore, once a business has been infected, it may face long-term reputational harm, have to pay a considerable sum for forensics experts to investigate its systems, or invest in additional IT expenses to prevent future attacks. Thankfully, though, when it comes to ransomware, businesses aren't without recourse. Cybercrime victims or third parties can file an internet crime complaint with the FBI's Internet Crime Complaint Center.
To protect their operations, businesses should consider the following strategies recommended by the Cybersecurity and Infrastructure Security Agency (CISA):[8]
Above all, companies need to have an incident response plan for ransomware and other cyberattacks. Plans should account for employee training and drills to ensure that staff members understand what to do in the event of a cyberthreat. Plans should also include clear communication strategies to ensure that key stakeholders can disseminate critical information during emergencies, especially while computer systems are compromised. Plans should also be reviewed regularly to ensure they account for the latest threats.
Businesses can prevent and mitigate cyberattacks by building a culture around cybersecurity. Employee training, investing in the right technologies and partnering with the right experts help in this endeavor. The cyberthreat landscape is incredibly complex, and it's crucial for businesses to work with proven experts who understand the most common threats and the strategies that organizations should employ to safeguard their data and their business.
Businesses should also secure a cyber insurance policy that's customized to the unique needs of their organization. This policy should be reviewed regularly with their agent to ensure it addresses evolving threats and business practices.