When a ransomware attack occurs, it is generally thought that the most damage comes from having to pay the ransom. However, that is not the only issue victims have to deal with. Businesses, small ones in particular, face downtime when they become victims of ransomware, which results in loss of income. So they not only have to figure out how to restore encrypted data, in case there is no backup, but also how to restore regular services as quickly as possible. Some amount of downtime is inevitable, whether backup is available or not, and that is usually what costs small businesses the most.
More income is lost from downtime than from the actual ransom
According to research done by cyber security company Malwarebytes, 35% of small and medium businesses were victims of a ransomware attack in the past year. Furthermore, one in six faced downtime of more than 25 hours. That is 25 hours of not being able to operate a business at full capacity, which means loss of revenue. Reportedly, smaller companies lost around $100 000 on average as a direct result of downtime. When an attack happens, all operations stop until the system is cleared of any kind of threat and data is recovered from backup. 25 hours of this may not affect bigger companies to such an extent, but for smaller businesses it may mean serious trouble. And that is only when backup is available. If there is no way to restore the data, even when paying the ransom, a company could end up losing much more than 25 hours' worth of income.
It is not only smaller companies that are affected. More than a month after NotPetya spread all over the world, international courier delivery service FedEx is still feeling the effects. Reportedly, the branch that was hit by the attack will not be able to fully restore affected systems. They also experienced a period of downtime, which will result in loss of revenue. However, since FedEx is quite big, it will be able to recuperate. If a smaller business faced a similar situation, it might not be able to recover.
What is there to do to prevent an attack?
According to malware specialists, 64% of ransomware infections come from opening malicious email attachments or links. That means simple misjudgment causes more than half of ransomware attacks. Those misjudgments come from simply not knowing, and could easily be prevented. All one needs to do is open an infected email attachment or click on the wrong link and the ransomware can enter the system. While some emails are rather convincing, some are very obviously not what they pretend to be. However, users may open them simply because they are not aware of the damage they could do. If employees do not know how to differentiate between safe and malicious emails, that is a major problem for both small and big businesses. Employers should take note of this and train their employees if they want to prevent worst-case scenarios. This involves teaching how to spot suspicious emails and when to notify security specialists about weird activity.
Employing some kind of security software is also a must for everyone. Capable anti-malware does not come free and some businesses may choose not to invest in it simply because they do not think it is a necessary purchase. However, those security programs may be able to spot an infection before it can affect the entire system and cause severe damage. So that investment may be what is preventing your company from getting infected.
Updating software regularly is also essential. When a flaw is detected by specialists, updates are released to prevent hackers from taking advantage of it to create trouble. WannaCry was able to spread to such an extent because users did not install a crucial Windows update that was available for almost two months prior to the attack.
As recent ransomware attacks have shown, it is not a question of if anymore. We have reached the point where every single one of us could become a victim of ransomware. This is why it is so important that we know how to protect ourselves. Security-conscious employees, backup and reliable anti-malware software are what stand between your business and possible financial loss, so keep that in mind the next time you choose to skip out on training your employees and investing in anti-malware/backup.