June 30, 2021 | 3 minute read
Ransomware attacks are on the rise. A recently released report by Cybereason, titled Ransomware: The True Cost to Business, detailed how malicious actors are fine-tuning their ransomware campaign tactics, and how both the frequency and severity of successful ransomware attacks have tremendous impact on victim organizations and their ability to conduct business.
It’s important to note that the implications from the disruption of critical business operations are shared across all industry verticals and organizations of all sizes, including small to midsize businesses (SMBs).
With all of the recent headline-making ransomware attacks against larger organizations who are likely to be more financially capable of meeting exceeding large ransom demands, the findings around the targeting of smaller organizations with fewer resources raises the question as to why ransomware operators are going after SMBs in the first place?
One of the central drivers of SMBs’ vulnerability to ransomware is misplaced confidence by the organizations themselves. The National Cyber Security Alliance got it right when it said that at least some SMBs simply think they’re too small to be of interest to attackers.
In a 2019 survey covered by CSO, for instance, 18% of SMB decision makers said that digital security was their lowest priority. Two-thirds of respondents justified this stance by saying that a ransomware attack against them was unlikely—despite 67% of SMBs having suffered a ransomware attack.
Such overconfidence creates a culture where a weak security posture and poor security hygiene by SMBs can actually make them more attractive to ransomware attackers. Going back to the study by Cybereason, a significant number of SMBs indicated that they do not have a specific plan or people with the right skill sets in place to address the risk posed by a ransomware attack.
As well, many SMBs are not as concerned about ransomware attacks because they also feel that their information is less valuable than that of larger organizations, but that’s simply not true - if it were, attackers wouldn’t see a financial incentive for targeting SMBs. In fact, the 2021 Data Breach Investigations Report (DBIR) confirmed that financial gain was the central motive for threat actors who target SMBs both small (fewer than 1,000 employees) and large (more than 1,000 employees).
Notwithstanding those findings, there are plenty of SMBs that fail to pursue the essential security measures that could prevent ransomware and other attacks from being successful. And the notion that an organization can simply pay a ransom demand and easily regain access to their systems and data in lieu of investing in more robust security to prevent a ransomware attack is uninformed, as is the idea that cyber insurance will cover the aggregated losses following an attack..
For instance, about half of the SMBs who participated in the Cybereason study indicated they did not have any endpoint protection or antivirus solutions deployed on their systems, despite the fact that these solutions are readily available and are not cost-prohibitive for smaller organizations, especially when compared to ransom demands averaging between $350,000-$1.4 million.
In addition, of the organizations who were the victim of a ransomware attack and opted to pay the ransom demand in exchange for the decryption tool to recover their encrypted data, nearly half reported that some or all of the data was corrupted during the recovery process.
And of the respondents who suffered ransomware attacks and had cyber insurance, about half indicated that the policies only covered a portion of the costs or none at all. Costs associated with a successful ransomware attack typically include loss of revenue, damage to the organization’s brand, unplanned workforce reductions, closure of the business for a period or permanently, and more.
These findings underscore why it does not pay to pay ransomware attackers, and that organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.
“Ransomware attacks are a major concern for organizations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result,” Lior Div, CEO and co-founder of Cybereason said of the report findings.
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”
The full report can be found here: Ransomware: The True Cost to Business.
Cybereason is dedicated to teaming with defenders to end ransomware attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about proactive ransomware defense here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
The Cybereason Security Team champions cyber defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.All Posts by Cybereason Security Team