By Rajesh Ram, Chief Strategy Officer at Egnyte
The impact of ransomware attacks on businesses is twofold. Not only do businesses have to grapple with the impact of actual attacks, but they also must continue to prepare for the possibility of additional attacks. While many equate ransomware with encrypted files and potential ransom payments, the consequences go even further in terms of the costs and requirements of an organization.
The Dangers of Ransomware Attacks
An immediate consequence of a ransomware attack is extended downtime. This can severely affect an organization’s operations, with a typical attack resulting in about three weeks of downtime. In particular, businesses that are schedule driven, such as construction, can be extremely impacted.
Ransomware attacks can also damage brand reputation — nowadays, even unsubstantiated claims of an attack will make headlines. What’s more, ransomware is considered a gateway for cyberattacks. Once one attack occurs, bad actors tend to further exploit a company’s vulnerabilities and continue to target the company.
From a budgetary standpoint, ransom payments and cyber insurance premiums have continued to rise over time. Recent research found that 47% of mid-sized organizations experienced premium increases of 76% or more in the past year. Even though this can damage companies of any size, smaller organizations and startups in particular can feel the financial impact.
Best Practices for Prevention
While the easiest way to prevent ransomware is to avoid being a victim in the first place, that’s not a position anyone can guarantee. Still, there are several best practices companies can follow to better protect themselves. Let’s take a look at a couple of ways that organizations can stay one step ahead of an attack.
Organizations should develop a comprehensive incident response plan. A fully developed, flexible incident response plan is one of the best ways for companies to ensure security preparedness. The plan should carefully document security controls and include proactive steps to manage supply chain partner risk. Any incident response plan must be flexible and able to adapt to rapidly-changing circumstances, so it’s important to routinely update processes and incorporate real-time, always-on monitoring of critical data. Cyber attacks are evolving so rapidly that present defense methodologies may be obsolete as soon as 2023, which is why routine updating is so important.
Along with a well-designed plan, organizations need internal safeguards in place. While it may seem overly cautious to some, organizations must assume that everyone is a potential insider threat. In 2021, an average of 3.98+ million people voluntarily left their jobs per month in the U.S. Before resigning, employees have access to their company’s sensitive data, which, if in the wrong hands, could easily be taken to a business competitor or provided to users who don’t have legitimate access to the data in the first place. Additionally, new employees might not know all of the organization’s procedures and policies and will take time to fully get up to speed. Therefore, they are more likely to create an unintentional risk for the organization.
Organizations can protect themselves against insider threats by leveraging technology that analyzes unusual behavior around sensitive data (e.g., customer lists, product release plans, and financial records), especially when users download a higher volume of files than normal. This way, IT teams can be alerted about potentially malicious activity and take action as soon as possible.
Furthermore, cybersecurity training must be an ongoing initiative for all companies, instead of annual refresher courses. Organizations should ideally train employees right after hiring, followed by shorter, targeted training modules every quarter. All employees should also be encouraged to “say something if they see something” when it comes to unexpected password or network access alerts, apparent phishing emails, and other suspicious activity. In order to combat outside attacks, an organization needs its internal workforce engaged, trained, and on alert to defend against the many directions from which an attack may strike.
If safeguards are developed properly and employees are thoroughly trained, this will help engender a culture of vigilance, where everyone does their part to keep the company’s data secure. Even the most advanced program will fail if the community isn’t engaged and involved. In light of more frequent, impactful ransomware attacks, defense strategies that include preparedness and widespread company cybersecurity training can go a long way.