As if businesses didn’t have enough to worry about with the current dodgy economy and ongoing global pandemic, now the ransomware gangs (yes, that’s a thing now) are coming for you.
Enterprise-level ransomware attacks were at an all-time high the first half of 2020 and, unsurprisingly, they are targeting vulnerabilities in remote access technologies. The three most popular intrusion methods of 2020 are unsecured remote desktop protocol (RDP) endpoints, corporate VPN appliances, and the tried-and-true email phishing scam.
Although RDP has topped the list of attack vector priorities for a while, the increased number of remote workers this year has provided plenty of additional motivation and opportunity for cybercriminals to up their game.
A successful ransomware attack is, at best, an inconvenience if caught and stopped quickly. But, left undetected, ransomware can negatively impact your bottom line in several ways.
Downtime
Downtime hurts your business in multiple ways. Today’s users demand 100 percent access to applications. Anything less, and you risk losing customers. Then there is the more direct effect on your bottom line: If users can’t get to your products or services, you lose out on sales revenue.
Customer Confidence
Here’s a sobering statistic: 70 percent of consumers in a recent Arcserve study don’t trust you to keep their data safe, even if your company didn’t do anything to lose their trust. The same study found that 25 percent of consumers will abandon a product or service and switch to a competitor after only one ransomware-related service disruption.
Business Operations
When ransomware shuts down a manufacturing control system, it has repercussions up and down the supply chain. This causes a negative financial impact on not only the infected company but also all the companies that rely on their product. Take for example Tower Semiconductor Ltd. This Nasdaq-listed wireless chip and camera sensors manufacturer was hit with a ransomware attack that forced it to halt production in some of its manufacturing facilities, at the cost of millions of dollars.
Productivity
Employees can’t work if they can’t access business-critical applications and data. If employees can’t work, they can’t generate revenue by selling or creating products or providing services. Overhead costs are still due regardless of whether your network is inoperable due to ransomware, so extended downtime can result in a lot of cash going out and none coming in.
Security Audit
If you thought you had adequate cybersecurity in place and your organization still fell victim to a ransomware attack, it’s time to stop the guesswork. Hiring a third party to conduct a security audit after cleanup is an investment worth making because you will know where the holes are and how to patch them.
Liability
Whether a colleague in accounting clicked a bad link while surfing on her lunch break or cyberattackers found the hole in your VPN you forgot to patch, if your data is encrypted—or, worse, publicly exposed—you could be shelling out some cash for legal expenses. Your company can be held responsible for litigation costs, fines, and identity monitoring to compensate the users whose data was lost or stolen.
Compliance
Cyberattacks on healthcare organizations have been increasing exponentially every year, and for good reason. Personal healthcare data is worth more on the black market than financial data such as credit card numbers. Healthcare organizations must comply with many regulations governing the protection and use of patient data. A successful ransomware attack could involve steep regulatory fines for noncompliance.
Data Loss
Losing data because of a ransomware attack is always awful. But losing irreplaceable, mission-critical data can bring an enterprise to its figurative knees. There is some data that you can’t put a price on losing, so hopefully you are protecting it with a comprehensive backup and disaster recovery solution. Otherwise, you can expect an expensive restoration project to recreate your data and systems.
Ransom Payments
Although cybersecurity experts advise against paying ransoms, the reality is that some victims do in the hopes of speeding up recovery or preventing further damage. For example, the University of Utah recently paid a ransom of almost $500,000 to potentially avoid faculty and student data being exposed to the public. Paying a ransom doesn’t guarantee the ransomware operator will hold up their end of the deal, so it’s better to look for alternative resolutions.
Now, more than ever, it’s crucial to take measures to protect your organization from ransomware and data loss. Businesses of every size are being targeted with ransomware attacks, and the direct and indirect consequences can be devastating to both your organization’s bottom line and its reputation.
If you don’t have one already, it’s a great time to kick-start a business continuity and disaster recovery initiative to ensure you can maintain normal-ish business operations during a crisis and get data restored quickly with 0 percent loss. The best way to combat cyberthreats is to implement an integrated cybersecurity and data protection solution that not only detects and prevents attacks but also offers a strong line of defense against data loss.
Protecting your bottom line is a top priority during and after a ransomware attack. To learn more about how cyberattacks damage more than just your data, read Ransomware's Stunning Impact on Consumer Loyalty and Purchasing Behavior.