With ransomware attacks hitting the headlines in a big way in 2021, what is clear is that organisations, regardless of size or industry, can be targets of these debilitating and costly attacks.
Sophos’ The State of Ransomware 2021, which surveyed 5,400 IT decision-makers in 30 countries, provides a timely look into the impact of ransomware attacks on businesses around the world.
On average, 37% of companies fell victim to ransomware in the 12 months preceding the study. Of these, only 8% of organisations managed to get back all their data after paying a ransom, with 29% getting back no more than half.
Alarmingly, the study revealed that the global average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85m in 2021 with the average ransom paid being US$170k.
Chester Wisniewski, principal research scientist, Sophos, said, “Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data. Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving.
“It is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks. Fortunately, if organisations are attacked, they don’t have to face this challenge alone. Support is available 24/7 in the form of external security operations centres, human-led threat hunting and incident response services.”
Among the 3,353 companies in the survey that hadn’t suffered a ransomware attack in the last 12 months, 2,187 expected it would happen to them in 2021. Forty per cent of those thought it was “inevitable” they would be targeted. Be that a pragmatic or a pessimistic view, the advice given in the report’s conclusion is clear: assume you will be hit.
Fatalistic as it sounds, taking precautions doesn’t have to be as daunting as it seems. In fact, it’s akin to checking for traffic before you cross the road. After all, why wouldn’t you?
Like crossing the road, lowering the odds of being hit by ransomware involves several activities. Where a pedestrian finds a safe place to cross, looks both ways, listens out for traffic and stays alert while crossing, an organisation that wants to avoid becoming a cyberattack victim should:
– Combine human expertise and technology to detect and prevent ransomware early on in its lifecycle.
– Deploy the above in multiple layers at different points: perimeter, email servers, cloud services, etc.
– Create a SOC or use a specialist cybersecurity company — see Sophos’ offering detailed below.
– Have a recovery plan in place that includes backups. Practise it. (The State of Ransomware Report shows that some of the sectors with no such plans were some of the most likely to be hit.)
– Don’t pay any ransom.
Some pragmatic solutions
In a climate where cyberattacks are increasing, it’s little wonder that expert cybersecurity staff are in short supply. In fact, according to Sophos’ The Future of Cybersecurity in Asia Pacific and Japan report, 62% of companies struggle to recruit people with the necessary cybersecurity skills. Creating that mix of technological and expert human protection is challenging for many organisations.
The Sophos Managed Threat Response (MTR) service is the perfect answer to address this problem. It combines dedicated, trained, expert personnel with the world’s best technology to identify threats and neutralise them before they are successful.
Detection is only part of the battle; where MTR excels is in using techniques, tactics and procedures to identify and take action against modern threats, all in line with the customer’s objectives.
Sophos MTR provides detail about any detected problem on which the correct level of remedial action can be taken — it’s down to context and the 24/7 support the Sophos experts provide in the event of any incident.
Sophos MTR helps to stop ransomware attacks before they start, proactively ensuring that security policies and incident response actions are in place to nullify any attempt at the data encryption or exfiltration that can cripple an organisation’s operations and brand.
The adage of “when not if” a cyberattack happens remains true, but so is the concept of “low hanging fruit.” Propagating ransomware is a numbers game and that’s why removing the organisation from the list of easy targets can reduce the chance of attack.