Ransomware is one of the most destructive threats to business. If you are attacked, it will bring your operations to an abrupt stop, freezing productivity and exposing you to a cybersecurity crisis that suddenly takes precedence over everything else.
With ransomware attacks on the increase, what do they mean for your business and how can you best prepare so that you can avert them?
What is Ransomware?
Ransomware is malicious software that restricts access to, or completely locks, files on your business network and computers until you pay the attacker a ransom to regain access to them.
The amount payable to release you from the cyber attacker’s grip varies. But it has been increasing. The average fee demanded went up from around $5,000 in 2018 to about $200,000 in 2020.
Some payments have been in the millions and one US insurance company reportedly paid $40m to a hacker this year.
Here are some of the consequences of ransomware.
Stopping Business in its Tracks
When you’re hit by a ransomware attack, you’re immediately unable to do business. You can’t service your customers, manage your staff or buy from business partners.
While many see it as ‘just a loss of business data for a while’, there can be much more serious ramifications. In the health field, for example, attacks have caused ambulances to be redirected, hospital treatments to be delayed and test results to be unavailable.
Aside from your computer files, ransomware attacks can also knock out your communications. You won’t have access to email – and your phone systems can be affected too. If you must then rely on pen and paper for a while, you risk becoming bogged down in inefficient manual processes.
It takes time to recover from a ransomware attack, which halts your everyday operations and stops you being able to trade.
Exposure of Data
Hackers have published sensitive data when ransom payments have been refused. In the US, this has included police data and information about children.
In the private sector, your proprietary information can be valuable to perpetrators too. The data they extract can include your business’s intellectual property, your customer database, staff information, financial data and more. There is a risk that this could be exposed maliciously online or sold to your competitors.
The High Costs of Resolving an Attack
The costs of remedying an attack can be high. First off, there’s the ransom fee to be paid. About half of companies pay the ransom fee and, with average costs in the region of $200,000, it’s no trivial matter, especially for small businesses.
Aside from the ransom fee, there are other costs to the business. Globally, the costs of ransomware are estimated to reach $20bn this year. Costs include the damage or complete loss of data, the downtime and absence of productivity while it is being sorted out, costs to investigate how the attack happened and to prevent future incidents, additional staff training and the costs from reputational damage.
Lasting Disruption to the Business
Once you’ve paid a ransom and restored your data, your troubles won’t necessarily all be over. Often the ransomware will have corrupted systems or files, sometimes permanently.
And once you’ve managed and removed the initial vulnerability, you will then need to institute new layers of security or harden your existing systems against future threats.
Reduced Budgets After Ransomware Payments
Companies don’t routinely allocate budget for a ransomware attack, which cannot be predicted. So, when you pay a ransom, the profitability of the company will be affected. The fee you pay needs to be sourced from somewhere, meaning it can reduce the future budgets of departments across the business.
You can try to keep things quiet, but word of a ransomware attack will often get out. This can tarnish your reputation, leaving you branded as poorly prepared or not having adequate IT security.
It can also harm your reputation with your staff, who see you as less trustworthy. One survey found that 63% of staff had lost trust in their employers after a ransomware attack.
How Can You Protect Your Business Against Ransomware?
Much ransomware is deployed via phishing emails that encourage staff to click on malicious links. Employee training can reduce the number of successful phishing attempts. Staff should know not to divulge sensitive company information, understand the importance of having strong passwords and avoid clicking links unless they are certain they are legitimate.
IT should see that systems and software are always kept up to date so that security risks are minimised. You should also put in place a solid cybersecurity and backup plan, ensure only verified sites are used to download software, and deploy anti-ransomware tools and software.
Cloud technologies are also advantageous. Unlike with on-premises systems, your valuable data is not stored locally and is backed up reliably by your provider. Cloud-based architecture is also less prone to vulnerability and harder to attack. Plus, if your files are encrypted by ransomware, your cloud provider will still have previous versions that can be restored.
If you’re worried about ransomware, consider switching to the world’s number one cloud ERP system, NetSuite. Accessible from any internet-connected device, it can free you from the threat of ransomware, keeping your data safe and secure. Contact us today to find out more.