Ransomware was thrust into the mainstream after the Colonial Pipeline cyberattack triggered panic buying and gas price hikes in many states.
As the pipeline company discovered, the obvious cost of ransomware was the reported $5 million it paid to get its data back. But there are not-so-obvious costs, such as the time it takes to recover from such an attack, in terms of both remediation and reputation.
Organizations need to pay attention to these lesser-known factors, mainly because ransomware attacks are on the rise. Increasingly, attackers demand one payment for the digital key to unlock the files and servers they have encrypted, and a separate ransom not to release the data they stole, according to PwC’s newly released U.S. Digital Trust Insights report.
And 64% of CEOs expect a jump in reportable ransomware and software supply chain incidents this year, the report noted.
Lurking inside
Usually, criminals have already been inside the victim’s network for weeks or months by the time the ransomware itself becomes visible. That dwell time lets them reach the company’s financial information and learn the nuances of how the business works.
So paying a ransom is just the tip of the iceberg. The ransom is only one cost; a breach carries many other costs, both financial and reputational, that businesses need to consider.
For example, a new report from Webroot on the hidden costs of ransomware found that 40% of victims who suffered ransomware attacks had to spend eight or more hours to remediate. Such an attack also harmed the brand or reputation of 38% of respondents.
Other potential side effects are downtime, business disruption, and angry customers.
Then there’s the havoc a ransomware attack wreaks on internal systems. “Companies that experience a ransomware attack — or for that matter any type of equally invasive malware infestation — should assume that all credentials stored anywhere on the local network (including those saved inside Web browsers and password managers) are compromised and need to be changed,” wrote Brian Krebs on the KrebsOnSecurity blog.
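What “change all credentials” looks like in practice for a Windows domain, as an added example that is not from the article or from Krebs’s post: a staged rotation of user, service, and Kerberos ticket-granting (krbtgt) secrets in Active Directory. It assumes the ActiveDirectory RSAT module is installed, that it is run by a Domain Admin, that service accounts live in an assumed OU (`OU=Service Accounts,DC=corp,DC=example`, a placeholder), and, most importantly, that the attacker’s access has already been cut off; rotating before containment simply hands the intruder the new secrets.

```powershell
# Added example (not the article's or Krebs's code): staged credential rotation
# in an Active Directory domain after a ransomware incident.
# Assumptions: ActiveDirectory RSAT module present, run as Domain Admin, and the
# intrusion already contained (hosts isolated, persistence removed).
Import-Module ActiveDirectory

function New-RandomPassword {
    # 32 characters drawn from a CSPRNG, long enough that offline cracking is hopeless.
    param([int]$Length = 32)
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes).Substring(0, $Length)
}

# 1. Every enabled human account must choose a new password at next logon, which
#    invalidates harvested hashes and passwords saved in browsers and managers.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires |
    ForEach-Object {
        if ($_.PasswordNeverExpires) {
            # ChangePasswordAtLogon cannot be set while this flag is on; clear it first.
            Set-ADUser -Identity $_ -PasswordNeverExpires $false
        }
        Set-ADUser -Identity $_ -ChangePasswordAtLogon $true
    }

# 2. Service accounts cannot change their own password: set new random ones here,
#    then update every service and scheduled task that uses them (not shown).
#    Assumed (placeholder) OU where the service accounts live:
$svcOU = 'OU=Service Accounts,DC=corp,DC=example'
Get-ADUser -Filter * -SearchBase $svcOU | ForEach-Object {
    $pw = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    Set-ADAccountPassword -Identity $_ -Reset -NewPassword $pw
}

# 3. Reset krbtgt so forged Kerberos tickets (golden tickets) minted with the stolen
#    hash stop validating. AD keeps the previous key valid, so this step must run
#    TWICE: wait for replication (e.g. repadmin /syncall /AdeP) and ideally the
#    maximum ticket lifetime (10 hours by default) before the second run.
$krbPw = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
Set-ADAccountPassword -Identity krbtgt -Reset -NewPassword $krbPw
```

Run each step with `-WhatIf` first to see the scope. Domain-joined machine accounts rotate themselves, but local administrator passwords (LAPS or equivalent), cloud sessions and refresh tokens, VPN and API keys, and anything saved in browsers or password managers still have to be rotated at the systems that issued them; this script only covers the directory.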
Remediation costs
The average cost of remediating a ransomware attack more than doubled in the last 12 months, according to Sophos’ global report, The State of Ransomware 2021. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021.
What this boils down to is that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, Sophos says.
The average ransom paid is $170,404. Equally distressing is that the number of organizations that paid a ransom increased from 26% in 2020 to 32% in 2021, yet, fewer than one in 10 (8%) managed to get back all of their data, the Sophos report says.
Potential fines
And perhaps most alarmingly, the Webroot report notes that 46% of businesses said the attack also impacted their clients, and 45% were ransomware victims not just at work but also in their personal lives.
Organizations could also face fines under privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), if certain types of stolen data are exposed.
Organizations are simply not prepared for an attack, nor do they fully understand the implications of these other effects.
More than half (54%) of respondents believe cyberattacks are now too advanced for their IT team to handle on their own, the Sophos report notes. This is where managed service providers (MSPs) and managed security services providers (MSSPs) can provide significant value.
MSSPs can educate clients on how to protect their networks and endpoints and enable proactive measures such as two-factor or multi-factor authentication. They also secure endpoints, provide training, help build security, disaster recovery, and remediation plans, and provide backup, monitoring, and patching services.
In many instances, they will also provide penetration testing, in which a third party attempts to breach an organization’s network to find vulnerabilities before an attacker does.
It may be a hard pill to swallow, but the time has come to realize that it’s not so much a matter of if you’ll be attacked but when. If you can’t go it alone, get help from someone who has the expertise. It can cost you dearly if you don’t.