Ransomware is among the greatest threats to cybersecurity currently facing businesses of all sizes and in every sector. When attacks are successful, they can cause major operational disruption, cost millions in ransom demands and IT repair costs, and for some organizations, the crisis can be existential.
Ransomware attacks work by infecting target systems with malware that when activated, locks the organization and users out of its systems. This denies them access to critical data and applications until a ransom is paid — a choice that, unfortunately, many victims feel they have to make. In many cases, there is also no alternative than to shut systems down to limit the impact of the infection, with an obvious knock-on effect to normal business operations, suppliers, and customers alike.
What Is a Ransomware Attack?
The scale of the problem remains alarming. Recent analysis has shown that there were over 300 million attacks in the first half of 2021 alone. This represents not only a new record high, but more than the total for the whole of 2020, and according to the Harvard Business Review, this year has seen a “dramatic increase” in ransomware activity.
It’s not just the volume of attacks that is the problem — cybercriminals are constantly shifting the focus of their efforts in an attempt to defeat existing reactive security technologies. The AV-TEST Institute, for instance, registers over 450,000 new types of malware and potentially unwanted applications every day. The longer term trends underline the point: Between 2012 to 2020, the annual volume of malware programs has risen from just under 100 million to over 1.2 billion.
The Crippling Cost of Ransomware Attacks
Ransomware generates some huge stats, particularly regarding the cost of putting it right, with industry analysis suggesting it will cost victims around $265 billion annually by 2031. Looking more closely at individual ransom demands shows that perpetrators are becoming more confident. For example, electronics giant, Acer, is reported to have been presented with a demand for $50 million when it fell victim to a ransomware attack earlier this year.
The list goes on. In May, Bloomberg reported that CNA Financial, one of the largest insurance companies in the US, “paid $40 million...to regain control of its network after a ransomware attack.” Car manufacturer Kia Motors was also in the news when hit with a $20 million demand, while one of the most concerning recent attacks was that on the critical infrastructure owned by Colonial Pipeline. With its data encrypted by the attackers, it was forced to halt distribution of vital fuel supplies and later paid a ransom of $4.4 million (some of which was later recovered) in order to regain access to its systems.
While there is understandable interest in these big ransomware payments, the wider disruption caused by an attack adds further to the cost of recovery. Research has shown that large US companies lose an average of $5.66 million a year to the disruption caused by ransomware attacks. However, ransom payouts account for less than $1 million of that average figure, with the remainder coming from the cost of infrastructure downtime and lost productivity.
Prevention Is Always Better Than Cure
The fundamental weakness many organizations have in their approach to ransomware is they rely on reactive cybersecurity strategies, or worse still, assume it will never happen to them. Instead, building a proactive ransomware strategy is key to improving levels of protection. This starts with organizational leaders who need to shift their mindset to deliver effective change.
One important idea is to move away from the reliance on cybersecurity insurance, which has grown significantly as victims look to mitigate the cost of an attack. There’s an ongoing debate about whether ransomware insurance payouts may even be causing attacks to increase, with cybercriminals now targeting organizations who are known to have cover. This includes questions about whether ransomware payments should be banned altogether.
Leaders should be building a strong cybersecurity culture where training and technology are combined to build a better all-round approach to defeating ransomware attacks.
To fight back, there’s also a lot businesses can do by focusing on more effective end-user awareness training. With nearly 90 percent of data breaches occurring as a result of human error, it’s important that users are aware of the dangers, but they should not be seen as the main line of defense. Instead, leaders should be building a strong cybersecurity culture where training and technology are combined to build a better all-round approach to defeating ransomware attacks.
Specifically, IT and security teams need to be given the tools to identify the major risk vectors associated with ransomware. These include attacks that hide malicious code within the documents and files that are shared in their billions every day. One highly proactive approach that is growing in adoption and importance is offered by Content Disarm and Reconstruction (CDR) solutions. This technology identifies and removes new and emerging file-based threats from files and documents in real time minimizing downtime and disruption often caused by reactive antivirus or sandboxing solutions.
Content Disarm and Reconstruction (CDR):
The most effective CDR solutions work by cleaning and rebuilding each file to match its ‘known good’ manufacturer’s standard specification — automatically removing potential threats. This simple approach ensures every document entering the organization is safe, without sacrificing productivity.
In an era where ransomware is becoming the defining cybersecurity risk to business health and success, those organizations who adopt a proactive stance will be much better placed to avoid the huge disruption and costs it often brings. That’s even more crucial for those organizations that understand it’s no longer a question of ‘if’ they will be targeted, but ‘when.’