According to the FBI, there has been as much as a 500% increase in the effects of ransomware on networks and IT infrastructure in the past few years1. In my work, I often see firms so involved in the technical aspects of these cybersecurity events, including what tools and widgets they can use to prevent attacks, that they don’t consider what recovery will actually look and feel like if, or more likely when, their organization is targeted.
The most common attack we see is ransomware – a staff member has followed a “funny” little note to a link and boom… the company’s files are encrypted and there’s a “nice” message from somebody deep in cyberspace asking for money in exchange for a decryption key to return the organization’s own data.
A CyberEdge ransomware survey shows that 28% of companies paid the ransom with some amount of success. About 17% of those surveyed paid the ransom and they didn’t receive the decryption keys that were offered by the perpetrators and were ultimately robbed of their money as well as their data. About 44% of companies don’t pay the ransom and fall back to recovery or often a scorched earth event. Approximately 11% of organizations that decide not to pay were unable to recover their data, and that’s brutal. 2 Another statistic we see is about 42% (sentinel one) of businesses that do pay the ransom don’t get the decryption keys or are unsuccessful in recovering.3 Some companies are large and capable enough to weather such a storm, but others have actually been brought to their knees, effectively taken out of business.
While these stats are sobering, there are a few steps you can take to prepare your organization for such an event.
- Proactively update your security posture – both in terms of policies and technology – to prevent an incident.
- Train your team at least annually in IT security awareness to limit exposure to phishing and other threats.
- Carry sufficient levels of cybersecurity insurance to cover a ransomware incident. More on this in my next blog.
2 http://cyber-edge.com/cdr/ CyberEdge’s sixth-annual Cyberthreat Defense Report
3 https://go.sentinelone.com/Q118_EMEA_Content_Ransomware-Research_Download.html SentinelOne 2018 global ransomware research