Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Katie McCullough of Panzura warns that ransomware can cost more than the ransom and explains why this should worry enterprises.
Ransomware attacks have been consistently on the rise for years, to the point they are now regarded as an occupational hazard for businesses. Ransomware risk is baked in, an inevitable consequence of doing business in the digital age. But that risk is rising, and as businesses expand their network footprints and look for new ways to store and manage their data, they’re making themselves more vulnerable. The annual share of ransomware attacks experienced by companies worldwide has been on the rise since 2018, and continues to grow. As reported by IBM, for more than 80 percent of businesses in 2023, it’s no longer a case of if a data breach will happen, but when.
This raises important questions about the cost of ransomware. The global average cost of a successful data breach is $4.3 million USD. That’s bleak, but it’s even worse for U.S.-based businesses. For the 12th year in a row, the U.S. holds the title for the highest cost of a data breach, $5.1 million more than the global average. It’s important to note that these figures include the overall cost of a ransomware attack, rather than just the ransom payment itself.
Paying a ransom is also fraught with risk. Even if a business pays, there is no guarantee that the “fix” given in exchange for the ransom will actually work, and it will almost certainly be slow and inefficient. These fixes will also likely leave “back doors” open for future infiltrations, because if a business folds and pays once, it will be seen as likely to do so again. It could also be illegal to pay a ransom if the bad actor group is on a federal list, leading to fines or even convictions. If a ransom is paid and a fix is delivered, it doesn’t negate the damage. Businesses will still suffer the additional cost of downtime, lost hours, device and network costs, and lost business opportunities, not to mention the costly knock to their reputation if they have to alert customers or temporarily cease trading. According to Statista, the average company experiences almost three weeks of downtime when successfully targeted by a ransomware attack. In the U.S. alone, ransomware-related downtime cost businesses an overall $159 million in 2021.
The Cost of Ransomware: Why Businesses Should Be Worried
The cost of ransomware is eye-wateringly high, but increasingly, the highest cost to organizations isn’t the ransom they’re forced to pay, but the broader business, operational, and financial implications and costs. Recent data shows that the average ransom payment (not the overall cost of an attack) sits at around $170,000. Meanwhile, the total business cost of damage remediation runs into the millions and is still climbing. This compounds the threat of ransomware and demonstrates why businesses should focus more on storage and recovery solutions than on cybersecurity alone.
What Happens When Attacks are Inevitable?
Businesses should, of course, be taking every step to detect and deter ransomware attacks. Still, the threat landscape is evolving at such breakneck speeds that, for most businesses, a breach is inevitable. Organizations, therefore, need to broaden their focus to include remediation and recovery solutions, as well as threat detection and prevention.
This is an easy argument for ransomware-resilient technology, isolated recovery environments, taking snapshots, advanced data management, and immutable storage solutions, so that attacks can be stopped in their tracks and data can be seamlessly restored. This has to be achieved quickly to minimize the potential damage to the business in terms of downtime, productivity, and reputation management.
- Immutable storage solutions are storage systems that prevent any changes to the stored data once it has been written. This means that once data is written to an immutable storage system, it cannot be altered, deleted, or overwritten. This offers several benefits, including data integrity, baked-in compliance, and better protection against ransomware threats. With immutable storage, data is protected against ransomware attacks because the ransomware cannot overwrite or delete the data. Moreover, data will remain unchanged and uncorrupted, ensuring that it is always accurate and reliable – crucial in industries such as finance, healthcare, and government, where data accuracy is paramount. Immutable storage has the added benefit of protecting against accidental deletion or modification, making it a sensible choice for storage beyond the threat of ransomware and other cyber incidents.
- On the other hand, isolated recovery environments (IREs) are computing environments that are separated from the rest of an organization’s IT infrastructure. They are typically used for disaster recovery purposes and offer benefits such as faster recovery times, protection against various external threats, and the ability to test disaster and recovery plans so they’re always fit for purpose. IREs are useful because they are air-gapped from the primary environment, which means that malware and other threats cannot spread from the primary environment to the recovery environment.
- A snapshot is an image of your data at a specific point in time. Snapshots allow for faster rollback to a previous point in time as compared to backups and are created quickly and easily without any impact on the production server.
- An advanced data management solution provides a unified view and management of your data, enabling administrators to find affected data fast. A data management solution should include identifying anomalous behavior, flexible and timely searching capabilities, and reporting on all file attributes.
When combined with incident response teams, robust response planning, encryption, employee training, and cyber insurance, these technologies offer a security solution that extends beyond prevention and gives businesses absolute peace of mind for when the inevitable eventually occurs. As part of incident response teams, critical vendors should be considered for providing much-needed resourcing and intelligence as the result of an attack.
- Ransomware Costs More Than the Ransom: Why You Should Be Worried - April 14, 2023