How to avoid the $1 million bill of a ransomware attack

Nicola Hartland

Your business will be targeted by a cybercriminal this year. That’s not an exaggeration, or even a scare tactic. Unfortunately, it is the harsh reality: 61% of mid-sized businesses (the most popular target for hackers) experienced a cyberattack last year. With incidents up in 2022, the trend is clear. Invest in cybersecurity now or prepare to be held for ransom.

Ransomware is the biggest cyber threat facing businesses. Criminals use extortion software to steal your data or lock your computer and then demand payment (ransom) for its release.

Yet despite the clear warning signs, many businesses are just not taking the threat seriously enough.

Don’t just take my word for it. A recent CNBC survey found that over half of business owners believe they will never be the target of an attack. A similar number has no cyberattack response plan. This false sense of confidence is proving fatal, given nearly 60% of businesses shut within 6 months of a successful attack.

Leaders often don’t understand quite how much they need their systems and data, which is why so many C-Suites devalue their importance relative to other elements of their business. It’s staggering to me, therefore, that half of businesses still don’t have Chief Information Security Officers.

With attacks on the rise and public awareness of cyber at an all-time high, burying your head is no longer an option (not that it ever was).

The true cost of a cyber attack

A cyber breach is always costly, and in more ways than one. First, there is the part everybody knows about: The ransomware payment itself. Worryingly, payouts hit a record high of $541,000 last year.

Then there is the reputational damage. Will your clients want to continue doing business with you after you have lost their data?

The biggest cost, however, is the one that is discussed the least – downtime. It takes an average of 21 days for a business to get back up and running after an attack, costing around $1.3 million per attack, almost triple the ransom payment itself.

Most businesses have to shut down and wipe the infected systems, and then install an entirely new network, which includes adding the necessary cyber defenses to protect them from future attacks.

Imagine losing close to a month of work. Three weeks of missed deadlines and unanswered inquiries. Growth plans abandoned.

It is no wonder that the overwhelming number of C-suites decide to pay up when their company is infected, minimising this costly downtime. Adding insult to injury, two-thirds of companies that suffer a cyberattack are hit again within a year. The recovery process must include bolstering your cyber security.

Protecting your business and people

Understanding the threat is only half the battle; putting in place mitigation tactics is doubly important. These tactics come in two forms: 1) offensive and 2) defensive.

On the offensive, we at Falanx Cyber recommend using penetration testing on internal and external facing systems. ‘Pen tests’ are simulated attacks carried out by ethical hackers, to find where the weaknesses lie.

On the defensive, Managed Detection and Response (MDR) combines the talents of a team of security analysts in a Security Operations Centre (SOC) armed with sophisticated tools and AI to monitor for anomalies on a network 24/7, 365 days a year.

MDR also reduces the time it takes to detect and respond to threats. The sooner an incident can be spotted and fixed, the easier and cheaper it is to ensure the business continues to operate. It significantly reduces the cost, time, and effort in dealing with the fallout from a cyberattack.

C-Suites need cyber specialists in their court. Companies – particularly SMEs – don’t usually have the internal expertise needed to navigate through the cyber minefield. So, hire experts.

Also, invest in professional cyber training for your staff. Training empowers your team with the right cybersecurity tools to be your organization’s first line of defense. With almost 90 per cent of hacks due to human error, this is a brilliant way to improve overall security, empower staff, and build an internal security asset.

With the number of cyberattacks continuing to skyrocket, executives like you must see the writing on the wall. Not investing in cyber security is reckless, because eventually – in our digital world – you will be targeted, and your data will be held for ransom. And like others in your position, you will end up paying. But you can take major steps to prevent an attack from happening.

Build up your defenses. Your reputation as a leader and that of your organisation are on the line. The investment of time and money into offensive and defensive cyber security will always outweigh the long – and costly – road to recovery from a successful attack. Do it now, before it is too late.
