Most Businesses Don't Survive Ransomware Attacks
Most small businesses wouldn't survive a week after getting hit by a ransomware attack.
New research from CyberCatch, a San Diego-based cybersecurity platform provider, shows that 75 percent of small- and midsize businesses would be forced to close shop if a bad actor demanded a ransom not to infect their systems with malware. The survey of 1,200 small- to midsize businesses in North America was conducted by Momentive, a market insights company, on behalf of CyberCatch, in March of this year.
It's not just the ransom's dollar amount that can push a business over the edge, it's the complete disruption to operations that ensues when an organization must navigate an attack. That's according to Jon Miller, who serves as the CEO and co-founder of the Austin-based ransomware platform Halcyon.
And businesses aren't preparing for those disruptions. Thirty percent of small-and-midsize businesses polled in the CyberCatch survey did not have a written incident response plan, which helps spell out how an organization should respond during a breach.
While preparation is key to preventing a cyber incursion, how you respond in the days just following an attack is also vital. In the immediate aftermath, here are four ways to soften the impact and protect yourself:
Take a picture of the infected device's screen before unplugging it, says Halcyon's Miller. Businesses should pay attention to any payment deadlines imposed by the bad actor, or the number of days they have until the ransom may increase. They should also check their systems to ensure that the rest of their network is not compromised.
After a business unplugs the infected device (or devices), Miller says the next step is to dial legal counsel to gauge the appropriate next steps for reporting the attack. Data privacy attorneys may be helpful in these situations, too. Then it's time to call your cyber insurer, and, if necessary, law enforcement.
Check up on backup systems to assess what data is recoverable. For those that don't have backups, Miller recommends working with an incident response company that is better equipped to communicate with the cyber attackers and can even help negotiate and reduce the price of the ransom, according to Miller. He cautions that if a business does pay up, and access to its files is restored, "this doesn't guarantee full recovery, because frequently a percentage of files are corrupted."
It's imperative for an organization to reset all passwords within the company following an attack. Businesses should also make sure that they have the latest versions of software and run any patches (or modifications to existing programs) to strengthen security. Miller adds that organizations should keep an eye out for backdoors into their organizations that bad actors could exploit. Looking into some form of anti-ransomware service could also benefit businesses.
While larger companies can afford to take the hit and pay the ransom, many small businesses aren't as well equipped to throw money at the problem. There's also ample debate on whether ransoms should be paid; Miller cautions against it.
"There is a problem with paying these people and letting them know that you're willing to pay, because it gives them precedent to come right back one year later and do it over again," Miller says. Businesses "need to figure out what hole [they] have that let the ransomware through, and fill it."
Brokerage and investment advisory services are available through UnionBanc Investment Services LLC, an SEC-registered broker-dealer, investment adviser, member FINRA/SIPC, and subsidiary of MUFG Union Bank, N.A. Insurance services are available through UnionBanc Insurance Services, a division of MUFG Union Bank, N.A. with a California domicile and principal place of business at 1201 Camino Del Mar, Suite 208, Del Mar, CA 92014. California State Insurance License No. 0817733. Non-deposit investment and insurance products: • Are NOT deposits or other obligations of, or guaranteed by, the Bank or any Bank affiliate • Are NOT insured by the FDIC or by any other federal government agency • Are subject to investment risks, including possible loss of the principal amount invested • Insurance and annuities are products of the insurance carriers.