Last year we saw a big increase in Ransomware activity and that’s only going to increase in 2021. If you drill into how much money attacking organizations are making, its easy to see why. Some organizations are believed to be earning hundreds of millions of dollars on an annual basis. This equates to a healthy mid-size business.
Many organizations pay up. This works for the hackers. For organizations that don’t pay, they may later as companies average 19 day downtime to recover from a successful attack. To make matters worse, now when companies see the dreaded “You’ve been ransomed” screen, they are seeing it on multiple screens simultaneously, which stops business instantly.Companies who don’t pay typically end up spending 3 times the cost of the ransom or more in recovery. Many of these organizations will go out of business in the within a year of the attack.
It’s expected that organizations will spend $20 Billion remediating ransomware attacks in 2021. The cost to remediate can be anywhere from 2.5 to 20 times the cost to prevent. The hackers don’t profit from the remediation, they only profit from the payoff. So to encourage more organizations to pay the ransom, many ransomware platforms start with data exfiltration. This allows them to accomplish multiple things; proof of attack, sale of data on the dark web. potential embarrassment, and legal ramifications for the victim. Unfortunately, paying the ransom doesn’t mean that the data still won’t be sold on the dark web.
It’s time to take a hard look at the key areas of protection and make sure you are covered. Good strategies around Endpoint, Gateway, Mail, and Staff Security Training should be reviewed quarterly.The next good step should be data encryption. Encrypting as much of your data as possible makes it useless if it does get exfiltrated. Many organizations have signed on to Full Disk Encryption, but this is doing nothing for data that is on servers and actively used workstations. The next area to investigate is if you are using folder encryption, how do you handle files that don’t make it to the encrypted areas, or when copies of files are both encrypted and not encrypted. Encryption everywhere solves this problem and might be easier to implement than you think.
The bottom line is, improving your security posture takes time and budget. We can help you prioritize your need based upon your security risk profile. We can also help you to make the case to non-technical management in ways that make business sense.