With this month’s focus on cybersecurity, it’s a good time to take stock of how companies are faring in security. Some of the statistics should get attention. If these were grade reports, someone should be calling parents about failing marks. A good deal of these scary bad scores concern the rising incidents of ransomware.
Research vendor EmisSoft* found that from January to September in 2019, 621 organizations in government, schools, colleges and universities, and healthcare providers were hit by ransomware. Sixty-eight or more state, county and municipal organizations suffered strikes this year as well.
In the field of education, 62 or more attack events occurred, effecting as many as 1,051 individual schools, colleges and universities. Many other organizations experienced attacks that may not have been as publicized.
The healthcare industry has been hit particularly hard by ransomware attacks. Sometimes healthcare operators have opted to pay ransomware, perhaps due to the extremely personal nature of their data, and this has not escaped the notice of the attackers.
The results of these attacks have brought broad interruption and disruption to services and operations, some critical. These include emergency services, medical practices, ER diversions, surgeries canceled, school start days delayed, data loss, and more. In certain sectors, companies opting to pay ransom is not a high percentage. Barracuda reported that out of 55 ransomware hits on state and local governments so far this year, only 3 paid the ransom.
Still, ransom amounts have been climbing. The FBI recommends against paying ransom demands and rather, encourages reporting the crimes so they can be investigated. A group of 200 mayors this summer signed a pledge that they would not cave to paying.
When companies believe they can’t stop a ransomware attack, they might pay the ransomware and they might hope their cyber insurance will be their saving grace. Cyber insurance policies vary widely and organizations should analyze them closely. Sometimes paying ransom jeopardizes a policy. Or, sometimes insurance companies advocate paying the ransom to avoid the even higher costs of recovering the data and managing the fallout. But these steps only motivate hackers to continue their strikes.
Organizations can purchase individual plans. Cities can get their own plans and smaller municipalities can band together for group coverage. This year, Baltimore suffered a ransomware attack. They refused to pay the ransom and the hit cost them $18 million. They are now considering cyber insurance. In 2017, forty-four percent of local governments had some kind of cyber insurance coverage.
When companies purchase cyber insurance, they are obliged to fill out short or long risk assessment forms used to set rates. Like all insurance policies, coverage varies. Items that can be included are things like credit monitoring if customer data is breached, restoring lost data after a ransomware attack, crisis management, lost business after an attack and more. But there can also be caps and gaps in coverage that companies need to evaluate. If a company’s security practice is lacking or behavior is negligent, that can be grounds for an insurance company not to pay out.
While companies may not be paying ransoms for the most part, that doesn’t mean they aren’t being hit with high price tags for ransomware attacks. Not all companies have to report their costs and losses so firm amounts aren’t knowable. Costs vary widely. Baltimore’s costs of $18.2 million soared over Albany, which lost just $300K. A healthcare service provider reported losing $30K to $50K per day in downtime. Statistics have tallied that an average ransomware attack can cost $8 million and take over three quarters of a year to recover. Some costs aren’t as obvious as the damages, such as extra R&D or investing into new security systems.
The bottom line is the cybersecurity problem - and ransomware attacks especially - aren't going away. In fact, all are likely to increase given cyber attackers are finding so much success from their efforts. Organizations need to step it up significantly if they don’t want to continue falling victim to these costly and clever attacks.
If you have not already, upgrade your security infrastructure to guardrail your applications and counter any thought of a ransom attack. Watch our demo of a multi-step ransomware attack in action using advanced hacking tools. See how Virsec security platform can instantly spot this attack at every stage and stop it. If you are not already partnering with Virsec, it may be time to consider doing so – before there is a ransom demand or if you are recovering.
Further resources:
White Paper: Making Applications Truly Self-Defending
In the Face of a Ransomware Attack, Can Your Defenses Prevail?
Huge manufacturing company Aebi Schmidt struck by ransomware
Virsec’s Vaccine Against the Ransomware Epidemic
Ransomware Attacks Rising Against Many Cities, Striking Local Governments & School Campuses
MegaCortex Malware Strikes Business Networks, Does Damage Both as Ransomware and Disk Wiper
Sources:
*https://blog.emsisoft.com/en/34193/state-of-ransomware-in-the-u-s-2019-report-for-q1-to-q3/