2018 saw headlines begin to circulate claiming that ransomware no longer represents the threat it once did. The perception that as malicious cryptocurrency mining grows, ransomware does not pose such a danger is unlikely. In fact, ransomware attacks rose 350% worldwide from 2016 to 2017 (Dimension Data, 2018) and it is still a very serious danger in the world of cybercrime, one with wide-reaching consequences.
ESET’s most recent whitepaper, entitled Ransomware: an enterprise perspective dispels these myths and shows why ransomware must not be underestimated. Providing guidance and expertise on what organizations should do to protect themselves, the whitepaper homes in on the true impact of ransomware attacks and the damaging effects of data loss on a business’ operations.
Despite the headlines and the focus on cryptomining as the newest cybercrime trend, organizations are still being hit by costly ransomware attacks. It continues to present a serious threat to businesses with ransomware representing 25% of cyber insurance claims in 2017 (AIG, 2018). And the consequences of this are huge; research from Intermedia shows that 72% of businesses hit by ransomware lost access to data for at least two days, with 32% losing access for five days or more (Intermedia, 2017).
The consequences of data loss
What does this really mean though? While businesses are often warned about ransomware attacks and data loss, the effects can be far wider-reaching than most companies anticipate, and the consequences can vary hugely depending on whether companies lose access to data for two days, five days, 10 days or more. The longer an attack endures, the greater its effects on revenue loss, reputational damage, loss of productivity through work disruption, and the scale of subsequent legal issues. Each of these effects will be magnified by the amount of time a company loses access to their data. While the various consequences ultimately all have financial implications, whether this is directly through impacts on current customers or indirectly through reputational damage, some also have the potential to change a company’s culture depending on how the organization is altered by the effects of the attack.
Data loss has wide-reaching effects, ranging from disruption to permanent business failure. And in the digital ages, time matters. If a company cannot perform adequately, news will travel quickly to its clients and negative publicity can be enough to damage a business’s reputation permanently. Data loss can also lead to the release of confidential information which can result in fines and even lawsuits.
Protecting your company
While it may be intimidating to even know where to begin, there are numerous ways a business can protect itself. In a digital working world that relies almost solely on email, the first line of defense should be filtering all mail for spam and phishing messages. This is something many companies already have in place, but it’s worth considering going one step ahead and blocking the use of attachment types that your business does not typically use and instead implementing a secure file sharing solution. Utilizing centrally managed endpoint protection software is important in order to enforce relevant security policies, as is prompt patching of operating systems. Finally, it should always be remembered that security is a shared responsibility, so make sure that your employee training is up-to-date, and workers know their role in fighting cybercrime.
As ESET’s whitepaper explores, ransomware is not on the way out and organizations have a lot of work to do to ensure they are keeping their data and, consequently, their businesses safe. To find out more about the effects of ransomware and what you can do to protect your company, take a look at ESET’s latest whitepaper Ransomware: an enterprise perspective.