Ransomware is one of the most prevalent forms of malware. It encrypts data, and the malicious actors behind the attack demand payment before the data is released. The most prevalent ransomware variants often “double-dip”: they charge a ransom to decrypt the data and then publish that data on the dark web for other cybercriminals to use.
Paying the ransom never guarantees that encrypted data will be restored, because cybercriminals operate in bad faith. It can also mark the target as a “high-value customer”, inviting further attacks.
Ransomware has become a greater threat with the rise of remote working, as the “attack surface” of many organisations has expanded to include the homes of their workforce.
Impact
In 2020, the average ransom payment was £570,000, according to a report from Palo Alto. This cost alone is high, but it does not capture the full impact on a targeted business. The total cost of an attack also includes reputational damage to the affected organisation, disruption of business operations, potential regulatory fines, and loss of data, so it is often significantly higher than the ransom alone.
- Reputational damage is perhaps the most intangible impact, but an organisation’s reputation can be critically damaged by a major cyber-attack. Typically this takes the form of lost customer trust, which puts future sales at risk.
- Disruption of business operations during the attack can lead to significant financial impacts, with major system outages and the inability to access business-critical data.
- Regulatory fines present another direct financial impact on targeted businesses. If an attack is not handled properly, or cyber defences are found to have been below expected standards, the target may be found to be partially liable for the attack and fined accordingly.
- Loss of business-critical data can significantly increase recovery time after an attack. Additionally, exfiltrated data is often published on the dark web or sold to other malicious actors, meaning personal information about employees, business-critical data, and credentials can be made public after an attack.
How can an organisation reduce the risks?
- Training and awareness – many cyber-attacks rely on exploiting the human element in an organisation. Embedding a strong culture of security can reduce the risk of a successful social engineering attack.
- Phishing is one of the most common attack vectors for ransomware. Phishing exercises – which show how staff respond to such attacks – can therefore be an effective way of determining whether employees are sufficiently aware of how easily they can be exploited in an attack.
- Multi-factor authentication can block many methods of attack: even if a malicious actor manages to steal valid credentials, those credentials alone will not allow them to log in to critical systems, forcing them to employ more sophisticated methods.
- External validation and assurance of your organisation’s cyber security policies and systems can identify key gaps and provide a basis for developing a security improvement programme.
Get in touch
If you need help understanding whether your current cyber security policies and systems are fit for purpose for your business, please contact us through the form below.