A recent study showed that 51 percent of organizations were hit by ransomware in the last year, with criminals successfully encrypting data in 73 percent of those attacks. While the 2017 attack figure was slightly higher (54 percent), 2020 attacks were more sophisticated, focusing on select high-value targets rather than indiscriminate campaigns with a lower chance of success.
Despite organizations becoming more cyber-savvy and restoring ransomed data from backups, ransomware has increased in popularity with attackers. The size of the organization doesn’t seem to matter as much as one would think, either. According to the same study, 47 percent of SMBs and 54 percent of enterprises experienced ransomware attacks.
The Steep Cost of Failure
A successful ransomware attack can bankrupt a small business and put a sizeable dent in a large organization’s wallet. Case in point: the average cost to remediate an attack exceeds half a million dollars for an organization of any size:
- Global: $761,106
- United States: $622,596
- SMB: $505,827
- Enterprise: $981,140
These figures take into consideration downtime, resource, device, and network costs, lost opportunities, and the ransom paid. As one might expect, about half of the remediation cost is the paid ransom. Organizations that paid the ransom spent an average of $1,448,458, while those that didn’t averaged remediation costs of $732,520.
How to Prepare for a Ransomware Attack
To help organizations better understand and combat ransomware, the FBI released a two-page fact sheet. It provides information on government efforts to fight ransomware, common infection vectors, best practices, the effect of ransomware on the public sector, and contact information to report incidents.
It’s a good place to start, but organizations need to take action. Avoiding a ransomware attack altogether is the goal, and that requires a proactive ransomware strategy, including processes to identify and contain the attacks that slip through.
Effective ransomware defenses are multi-layered and include:
- A formal policy and supporting procedures to back up systems, data, and configuration files. This is the number-one priority when it comes to recovering from a ransomware attack without paying the ransom. Backups should occur on a regular basis and be stored offline.
- A comprehensive disaster recovery plan (DRP). This isn’t a one-and-done, either; organizations should test and update their DRPs on a regular basis.
- An enterprise incident response plan (IRP). The IRP should cover all phases of the incident management lifecycle, including identification, prioritization, response, and “lessons learned” analysis. Like the DRP, the IRP should be tested in periodic tabletop exercises.
- End-user security awareness training. Make training mandatory for all employees, whether or not they work in IT, and track completion of training modules. Engage staff throughout the year with reminders, such as emails and posters, and/or refresher courses. Test the effectiveness of your training program by running simulated phishing campaigns against users through a third-party service.
- Technologies and processes to monitor network traffic and security events on endpoints and servers.
- An endpoint detection and response, or EDR, solution.
- Periodic vulnerability scans of the internal network.
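The monitoring item above is where most of the technical work lands, so here is a concrete illustration of what "monitoring security events on endpoints" can mean in practice. This is an added example, not code from the article or from any EDR vendor: a small detector that reads endpoint file-event log lines and raises an alert when one process renames many files to a new extension within a short window, the classic footprint of a ransomware encryptor at work. The log format, the host and process names, the 60-second window and the threshold of five renames are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample endpoint file-event log lines for this example. The
# format (timestamp host process action path[ -> newpath]) is an assumption,
# not the output of any particular EDR or logging product.
SAMPLE_EVENTS = r"""
2020-11-03T09:14:01 ws-17 WINWORD.EXE write C:\Users\jdoe\Documents\budget.docx
2020-11-03T09:14:20 ws-17 explorer.exe rename C:\Users\jdoe\Documents\draft.txt -> C:\Users\jdoe\Documents\notes.txt
2020-11-03T09:15:02 ws-17 upd_helper.exe rename C:\Users\jdoe\Documents\budget.docx -> C:\Users\jdoe\Documents\budget.docx.locked
2020-11-03T09:15:02 ws-17 upd_helper.exe rename C:\Users\jdoe\Documents\notes.txt -> C:\Users\jdoe\Documents\notes.txt.locked
2020-11-03T09:15:03 ws-17 upd_helper.exe rename C:\Users\jdoe\Pictures\team.jpg -> C:\Users\jdoe\Pictures\team.jpg.locked
2020-11-03T09:15:03 ws-17 upd_helper.exe rename C:\Users\jdoe\Desktop\q3.xlsx -> C:\Users\jdoe\Desktop\q3.xlsx.locked
2020-11-03T09:15:04 ws-17 upd_helper.exe rename C:\Users\jdoe\Desktop\plan.pptx -> C:\Users\jdoe\Desktop\plan.pptx.locked
2020-11-03T09:15:05 ws-17 upd_helper.exe write C:\Users\jdoe\Desktop\HOW_TO_RECOVER.txt
2020-11-03T09:40:00 ws-22 photoshop.exe rename C:\Users\amy\img1.jpg -> C:\Users\amy\img1.png
2020-11-03T09:41:10 ws-22 photoshop.exe rename C:\Users\amy\img2.jpg -> C:\Users\amy\img2.png
""".strip().splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (write|rename|delete) (.+)$")

# Assumed tuning values; real deployments calibrate these per environment.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5


def parse_event(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, proc, action, rest = m.groups()
    if action == "rename" and " -> " in rest:
        src, dst = rest.split(" -> ", 1)
    else:
        src, dst = rest, None
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "proc": proc,
        "action": action,
        "src": src,
        "dst": dst,
    }


def detect_mass_rename(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, process) that performs `threshold` or more
    extension-changing renames inside a sliding `window`.

    Renames that keep the extension (draft.txt -> notes.txt) are ignored, so
    ordinary user activity does not count toward the threshold. The alert
    records the count and the set of new extensions, which is the first thing
    an analyst wants to see.
    """
    recent = defaultdict(deque)  # (host, proc) -> deque of (ts, new_ext)
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["action"] != "rename" or ev["dst"] is None:
            continue
        old_ext = PureWindowsPath(ev["src"]).suffix.lower()
        new_ext = PureWindowsPath(ev["dst"]).suffix.lower()
        if not new_ext or new_ext == old_ext:
            continue
        key = (ev["host"], ev["proc"])
        q = recent[key]
        q.append((ev["ts"], new_ext))
        # Drop events that have aged out of the window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {
                "count": len(q),
                "first_seen": q[0][0],
                "new_extensions": sorted({e for _, e in q}),
            }
    return alerts


if __name__ == "__main__":
    for (host, proc), info in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"ALERT {host} {proc}: {info['count']} extension-changing renames "
              f"since {info['first_seen']}, new extensions {info['new_extensions']}")
```

On the constructed sample the detector flags only `upd_helper.exe` on `ws-17`; the two image conversions by `photoshop.exe` never reach the threshold. A detector this simple is a starting point rather than a complete control: production rules also weigh the entropy of written content, touches to canary files, and shadow-copy deletion, and the alert should feed the incident response plan described above so that the host can be isolated quickly.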
What Are You Waiting For?
Shoring up your defenses against ransomware requires effort and investment. Nonetheless, the upfront costs pale in comparison to the time and money you’ll expend mitigating a successful attack.
Not sure where to start? Consider engaging an independent consulting firm to perform a ransomware readiness assessment and help you implement the right technologies, policies, and processes to protect your business.
This article was originally published on LinkedIn.