If you want your business to succeed, you’ll need to make sure you have a data backup solution in place. Additionally, this data backup solution needs to have two specific metrics nailed down: recovery point objective (RPO) and recovery time objective (RTO). Let’s discuss what these metrics mean and why they are so important for data recovery. Read More
- Published: 02 Sep 2022
Let’s say, hypothetically speaking, your business was infected with ransomware, and—despite our advice not to—you decided to pay the ransom. Once the money’s handed over, that’s the biggest cost that you might be subjected to, right?
Not so fast. Ransomware has many more impacts than that, each of which come with their own costs as well. Let’s dive into some of the other factors that also contribute to the cost of ransomware.
Take It from Those Who Paid: The Ransom Wasn’t the Worst Part of It
GetApp, a Software-as-a-Service review site, conducted a survey where they interviewed 300 business leaders who had been victimized by ransomware. Of the respondents, only 11%—effectively 1-in-10—considered the ransom payment to be the most impactful consequence.
Just consider multifactor extortion, for instance. Swiftly becoming a favorite tactic for attackers to use, 60% of the survey’s respondents had seen ransomware attacks launched in tandem with other efforts. While the attacker locks down their target’s data, it is also stolen. The attacker then threatens to leak this stolen data on the Internet unless another payment is received.
DDoS (Distributed Denial of Service) attacks are another favorite attack method that attackers will use to do harm to your business. In a DDoS attack, your servers are flooded with traffic to the point of failure, crashing websites and opening a business up to data breaches.
This multi-pronged attack has proven quite effective. According to the results of the survey, 31% of those targeted with ransomware alone would ultimately pay. This rate was found to effectively double to 58% when multifaceted attacks were used. GetApp tracked that 64% of businesses that suffered from multifaceted extortion dealt with ransomware and a DDoS attack, while 51% dealt with ransomware and data theft. 23% had to deal with all three of these effects.
This Still Isn’t the Worst Part
According to the survey, most impacted businesses didn’t see the ransom as the worst consequence. 42% did, while 21% saw minimal impacts. Similarly, 43% of businesses suffered some reputational damage, while 26% saw little-to-no impact.
GetApp’s research demonstrated that the most commonly felt impact after a ransomware attack was the lost productivity. 70% of those businesses surveyed identified it as a major impact, compared to a mere 13% stating that there was a minimal effect on productivity.
The duration of this loss of productivity was far and away seven hours or more for affected businesses, with 69% of businesses suffering for that long. 8% dealt with the ransomware for a week or more. On top of this, ransomware tends to alienate your clients. 62% of those business owners surveyed had lost a client after a ransomware infection, while 38% had lost multiple.
Ransomware Isn’t Cheap, One Way or the Other
Putting all of these factors together, it should be no surprise that ransomware is expensive. The survey’s respondents confirm this, too… 49% of those that paid up had to pay $50,000, but 34% that didn’t cave had to pay the same amount.
It’s Better to Not Have to Deal with Ransomware
Clearly, ransomware is something to avoid. Let’s touch on a few effective means of avoiding it.
Prepare for Phishing
Phishing is commonly used as a means of introducing cyberattacks into a business, especially ransomware. Keeping your team up-to-date on how to spot and mitigate phishing attacks, and running phishing simulations to help evaluate their readiness, is a good and necessary way to proactively prevent these attacks.
Ransomware can also be spread through software vulnerabilities, which makes it crucial that you keep your software up-to-date and phase it out once security updates are no longer produced by the developer. It also doesn’t hurt to isolate your business’ primary network from potentially insecure and unpatched devices (like IoT devices, as one example) by setting up a dedicated network for them that lacks access to the other one.
We’re Here to Help Keep You Secure and Productive
Our specialty is using technology and proactive maintenance to help solve business challenges and allow you to accomplish more, securely. Get started by giving us a call at 1-855-405-8889 today!