Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
Ransomware attacks can devastate an organization in obvious ways, most notably by preventing it and its customers or users from accessing critical data and resources. But such an attack can also have longer lasting and far wider consequences. A report released Wednesday by cybersecurity firm Cybereason looks at the different effects of a ransomware attack and offers advice on how to protect yourself from an attack in the first place.
SEE: Infographic: The 5 phases of a ransomware attack (TechRepublic)
“Ransomware: The True Cost to Business” was based on a survey of 1,263 cybersecurity professionals conducted by Censuswide in April of 2021 on behalf of Cybereason. The survey was designed to examine the business impact of ransomware, the latest trends in ransomware, and the shortcomings in ransomware preparedness among organizations.
First on the list of pain points is the actual ransom paid to an attacker. Some 35% of respondents who paid a ransom said they shelled out between $350,000 and $1.4 million, while 7% paid more than $1.4 million.
Next was a loss of revenue. Among those polled, 66% reported that their organizations were hit by huge revenue losses as a direct impact of a ransomware attack. The location, size and industry of those attacked played little or no role in the extent of the financial damage, showing that no organization is immune. Some 53% of the respondents said that they also suffered brand and reputation damage as a result of an attack.
People in an organization typically have to bear the brunt of a ransomware attack, and often that starts at or near the top. Some 32% of those polled said that C-level employees were forced or prompted to leave the organization as a direct effect of an attack. The financial ramifications of an attack forced 29% of the organizations surveyed to lay off employees. And in a worst case scenario, 26% of the respondents said that a ransomware attack forced their organization to completely shut down operations.
To pay or not to pay?
Organizations hit by ransomware face a key decision of whether or not to pay the ransom. Some may feel it’s their only alternative. However, paying a ransom is no guarantee that your data will be recovered or that you’ll be free from further attacks.
Among those who paid the ransom, 46% reported that they regained access to their files, however, some of all of the data was corrupted. Further, 80% of those who paid a ransom suffered another attack. Among those, 46% said they believe they were attacked by the same group, while 34% think the second attack came from a different set of criminals.
With double extortion and other crafty tactics involved in today’s ransomware attacks, the goal is to stop an attack from impacting your organization in the first place. Toward that end, Cybereason offers the following recommendations:
- Follow best practices for cybersecurity hygiene. This means quick and timely patch management, offsite data backups and employee security awareness training.
- Back up your critical data. Backup solutions are highly recommended as they can help with your recovery efforts following an attack. But remember that savvy cybercriminals can render your backups moot in many cases.
- Have the right level of cyber insurance coverage. This type of insurance can help you recover all or most of the losses associated with a ransomware attack as opposed to no recovery at all.
- Have the right security people and tools in place. You need to have the right security staffers with the proper skills and proper tools. This combination can block ransomware attacks or at least detect and mitigate them before they cause serious harm to your business.
- Deploy multilayer threat prevention. Make sure your layered defenses are deployed across all endpoints accessible on your network.
- Set up extended detection and response (EDR) solutions. These tools can scan your network for advanced ransomware attacks before they gain too great a foothold on your network.