Recent estimates put the cost of ransomware at $1 billion a year, and the hackers are getting smarter and more sophisticated. Although ransomware has been around since 2005, the scale and complexity of the crimes make them more and more dangerous. Combine that with the constant inundation of security alerts, almost half of which Cisco estimates go uninvestigated, and disaster is imminent for businesses that do not protect themselves.
Before 2015, an employee might have had his personal desktop compromised until a ransom, usually in the form of Bitcoins, was paid. Now, entire organizations can have their smartphones, servers, laptops or any other device deactivated and their data encrypted until cash, usually in Bitcoins, is exchanged. And finding Bitcoins isn’t that easy, especially when your organization is completely offline and management is in a panic.
There are many infection methods that can be used in ransomware crimes. But the outcomes are often similar: malicious code encrypts files, which can be local to an individual device or global, covering all the data in a firm. Then, a request is sent to the company, demanding larger and larger sums of cash, usually in the form of Bitcoins.
Sometimes the victim does not comply and tries to restore their data from backup. However, this poses its own problems. The first is that the ransomware could have also infected the backup. Scanning will not necessarily find it either, especially if your current tools didn’t find the bug the first time. According to Forbes.com, fewer than half of all victims are able to get 50% or more of their data back, whether they pay the ransom or not. Worse, the rate of ransomware attacks has risen 167% since 2015.
Seasoned professionals with the right tools can help recover from the attack, but a company also needs a security plan in the first place. Unfortunately, a comprehensive security plan is expensive and hard to maintain. The cost of this often leaves IT leaders in a precarious position of trying to guess if they really need it or not.
You really need it. Datto estimates that $375 million has been paid out in ransoms in the last year. And there are other costs. Some estimate that a small business being offline costs over $8000 an hour. Then there is the problem of losing credibility or violating your client’s privacy. Patents, private client information, legal matters, even the next season of Orange Is the New Black can be used as a way to extort money, and an attack can mean lost information and possibly the de-legitimizing of a company’s long-standing reputation.
Security products must also be coupled with best practices. Problems arise if constant updates to hardware and software are not maintained, or if security alerts go uninvestigated. Keeping up with the barrage of daily security alerts is difficult, if not impossible. Cisco estimates 44% of security alerts go uninvestigated, posing even greater threats and opportunities for attacks. And according to the FBI, an average of 4000 attacks transpire daily.
Therefore, effective security systems must be lateral, flexible, auto-updated and affordable. Cloud-based managed security service providers are a great step forward. MSPs can offer layers of security that most companies can’t afford. So, in addition to your own company’s security, you can get extra protection from the cloud service you choose.
Ransomware is not going anywhere. But by implementing effective security measures with the right partners, you may not have to buy Bitcoins at midnight. Or on Thanksgiving. Or on a Sunday afternoon. Or during your son’s bar mitzvah. Or at any other time you have scheduled to sleep, celebrate, or meditate.