TIPS #3: How can companies understand and mitigate the complex risks of ransomware?

Welcome to the third edition of #ForgepointTIPS (Threat Intelligence Portfolio Spotlight), where we examine the latest cybersecurity trends and threats and provide actionable insights for industry decision-makers. Today we explore #ransomware: the complex risks to companies and what you can do to identify and mitigate risk for your business. Helpful reading? Subscribe and tell a friend…

Issue: Ransomware on the rise 

2021 was a banner year for ransomware with a precipitous increase in attacks and rising average costs for businesses. While 2022 saw a small drop in ransomware activity, 2023 is on pace to meet or exceed 2021 levels according to the 2023 Verizon DBIR report.

Ransomware attacks are becoming more sophisticated as well. For example, new ransomware from threat group Cyclops, recently identified by Uptycs, can infect Windows, Linux, and Mac machines, and is supplied alongside incidental information-stealing malware. Malicious groups can target, encrypt, and steal particularly sensitive information across three major operating systems, all while navigating a user-friendly interface.

Impact: Ransomware risks run deep

The cost of ransomware may seem self-evident: it’s the ransom you pay to regain access to your data. However, 2022 research from Check Point showed that ransom payments account for only 15% of all costs incurred from a ransomware attack. Further, many organizations who pay a ransom don’t even get their data back- 46% recover half or less of their data– and can face a vicious cycle of additional demands for ransom payments after paying once. Malicious groups may even threaten to publicly release compromised data to pressure companies into paying.

Most of the cost from a ransomware attack is due to business interruption. Businesses can’t operate properly during a ransomware attack, the average length of which is around 3 weeks, leading to net revenue losses averaging $5 million according to the 2021 Lockton Cyber Claims Report. Malicious groups may also threaten to heighten business disruption, pressuring companies into paying a ransom.

In addition, businesses invest significant resources working with analysts, insurers, law enforcement officials, PR firms, and regulators to respond to an attack. There’s a reputational cost, too: a ransomware attack can cause customers to lose faith in businesses. In addition to impairing customer productivity and experience, companies may face class-action lawsuits over compromised customer data.

Companies may additionally be fined by regulatory agencies if they mishandle their response to a ransomware attack or fail to report a data breach properly. Take US-based company Blackbaud Inc. as an example. The SEC charged Blackbaud for making misleading disclosures to customers in the wake of a 2020 ransomware attack. Blackbaud recently agreed to pay $3 million to settle the charges.

In total, the cost organizations face from a ransomware attack amounts to millions of dollars on average, with potentially devastating impacts to customers, employees, and other stakeholders.

Action: Comprehensive governance: the strategy to guide your tactical response

Effectively responding to a ransomware attack requires a clear set of guidelines, planned out well in advance of an incident.

In other words, businesses must implement comprehensive governance to actively defend against ransomware, mitigate risk, and reduce business interruption- and to comply with applicable regulations like GDPR (and the potential new SEC requirements in the US).

1. Address your company’s unique risk profile according to attacker interests

Prioritize the risks your company may face from a ransomware incident. Planning around the specific risks to your business functions that attackers are objectively interested in enhances incident response and recovery capabilities, reduces downtime, and lowers the overall impact from a breach.

2. Create an oversight and accountability framework for governance

Managing the varied risks your business faces can be complicated. A clear accountability framework defines who is best suited and responsible for managing which risks, and includes processes that increase transparency around meeting those responsibilities.

3. Establish decision-making hierarchies for action, not reaction

The minutes, hours, and days during a ransomware attack aren’t the time to decide who makes what decisions. Instead, businesses must create clear guidance around decision-making ahead of time. This eliminates uncertainty, which can lead to poor decision-making and a longer road to recovery.

4. Strengthen the ties between strategy and operations by planning and testing

The overarching strategy your company develops must synchronize with day-to-day security operations to meet business needs and relevant regulations. Even with comprehensive governance, preparing for, responding to, and recovering from a ransomware attack can be complicated. Companies like Surefire Cyber connect insurance carriers, brokers, breach coaches, and impacted companies, and help devise scenarios for testing to guide you through the process.

5. Insure against financial loss and liability

Cyber insurance policies help cover liability and the complex costs associated with response and recovery. New companies like Converge bring together the latest technology with cyber insurance specialists to provide tailored offerings and help companies mitigate risk and build longer-term protection.

Thanks for reading our Forgepoint TIPS! Please subscribe and share with a peer. Have feedback or a cyber threat or trend you’d like us to address? Get in touch.

***This blog was originally featured on our Forgepoint TIPS LinkedIn newsletter. Read the original post on LinkedIn here.***