My colleague Dan Callahan and I have written many, many posts on the scourge of ransomware. We’ve covered everything from recognizing the warning signs, various reports on the huge increase in attacks over the past year, and steps you can take to lessen the impact if it happens to you. And numerous articles on the importance of cybersecurity awareness training to keep it from happening in the first place.
But have you actually done anything about it at your organization? Have you heeded our warnings? If you haven’t, maybe it’s time for a wakeup call. Because the impact of a ransomware attack on your organization could be absolutely devastating.
Let’s take a closer look at what you could face.
Temporary – or permanent – loss of data
During a ransomware attack, a bad actor will encrypt an organization’s files, making them unusable. If a ransom is not paid, those files are often permanently locked. The organization would then have to regenerate the information from backup, if (and only if) it has prepared in advance for this scenario. However, even if the ransom is paid, there is still no guarantee that the criminal will provide a decryption key. After all, they’re not the most ethical folks. Case in point: Statistics have shown that of the SMBs that suffered a ransomware attack and paid the ransom, 1 in 5 still did not get any of their data back.
Some other statistics to keep in mind:
- 75% of ransomware victims lost access to data for more than 2 days
- 67% of organizations hit by an attack still permanently lost at least some of their data (even if the encryption key was provided)
Devastating financial fallout
Obviously, the payment of any ransom is a financial loss to an organization. Possibly a staggering financial loss. Researchers revealed that the average demand from ransomware gangs in the first half of 2021 was $50M, a massive increase from $847,000 in 2020. And the average actual ransomware payment so far this year has been $570,000, compared to $312,000 last year. But the loss is MUCH greater when you consider all the other potential consequences. A ransomware attack can severely affect the operating capability of an organization. Depending on their level of preparedness, it could take hours, days or even weeks to return to full operational capacity. (Insurer AIG notes in their Q3 2020 Claims Analysis that the typical outage length ranges from 7-10 days.) This might mean a complete halt to the organization’s productivity during the recovery.
Now let’s add on to those losses the cost of new hardware or software to replace any permanently damaged items. And don’t forget the pricey legal repercussions that could come from having proprietary and personal information stolen (from staff at every level, clients, board members, donors). Insurance premiums could go up. A public relations firm might have to be employed to save the organization’s reputation. I could go on, but I’m sure you get the idea: The financial loss from a ransomware attack goes far beyond any ransom paid. All in all, according to a recent brief by the U.S. Department of Health and Human Services, the average total cost of repairing the damage from a ransomware attack, across all industries, was $1.85M over the past year.
I just mentioned the possible cost of hiring a PR firm. That’s because suffering a ransomware attack and major data breach could adversely affect the reputation of your organization. Sure, this may sound like a case of “blame the victim”. But in fairness, some may view a successful attack as an indication of weak security practices. Even worse? Weak leadership. Proprietary details leaked about an organization, its employees or its donors could deal a catastrophic blow.
Keeper Security, the makers of a leading password manager, surveyed 2,000 employees across the U.S. whose organizations had been victimized by ransomware in the prior 12 months. Here’s what they found:
- 71% of respondents reported that the changes their employers had to make during the rebuilding of systems disrupted productivity. 64% of those lost login credentials or documents; 83% said they lost significant amounts of work time due to repetitive logins (not being allowed to save their credentials), computer restarts and software updates.
- As you can imagine, the disruption caused by both the attack and subsequent system overhaul left staff in desperate need of IT help. Yet, 36% of those surveyed said they couldn’t get that help, since their IT staff were tied up in the ransomware recovery process.
This kind of internal chaos is terrible for employee morale. Yet another impact of ransomware you may not have previously considered.
Preparedness can’t wait!
Nearly a third of companies in the Keeper Security survey reported that they had no idea what ransomware was until their organizations were hit by it. This indicates that cybersecurity training had not been provided — at least not to an adequate degree. This is concerning because the vast majority of ransomware attacks are the result of social engineering schemes. As IT professionals know, employees are the last line of defense against these attacks. Yet they can’t defend against what they don’t know! So beyond being proactively prepared for this type of incident by shoring up your technical infrastructure and policies, it is critical that your staff have substantial and ongoing cybersecurity awareness training.
The bottom line is that if you do not want your organization to become one of these statistics, the time to prepare for a ransomware attack is now. (But really, it was yesterday. So please don’t wait any longer.)