Data security company Sophos published a report called "The State Of Ransomware 2020" with the results of a 5,000-company survey of IT managers. If you only get through the Executive Summary, the information is stunning. It begins with the statistic that 51% of all companies have suffered a Ransomware attack. If you’re fortunate enough to be among the 49% who haven’t been attacked, please add the word “yet” to that last statement. In other words, it’s virtually inevitable that you will also become a victim of a Ransomware attack. And if you think that the costs of a Ransomware Attack will be covered by your Cybersecurity Insurance Policy, there’s bad news there, too.
The Costs of a Ransomware Attack
Even though 84% of those companies surveyed had Cybersecurity insurance 36% of those policies had policies which did not cover Ransomware attacks. Does yours? And if it doesn’t, do you know what it might cost to recover from the attack? The answer is probably more than you think.
According to the Sophos report, among those companies surveyed, the average cost of a ransomware attack was $732,520 when the ransom was not paid, and double that -- $1,448,458 -- if the ransom was paid.
How Common Are Ransomware Attacks
While 51% of all companies surveyed had become victims of at least one Ransomware attack, not all companies in all countries and industries were affected equally. The countries with the lowest percentage of attacks were the Philippines, Poland and South Africa, where the targets are less lucrative, according to Sophos.
The country with the highest frequency of attacks was India, where “Cyber hygiene is generally poor,” says Sophos. The United States comes in at number 6, with a very high 59%. That’s nearly 6 in 10 USA companies becoming Ransomware victims.
What’s also interesting is the industries where the attacks took place. At the top end, 60% of Media, Leisure and entertainment companies suffered Ransomware attacks, and at the bottom were Public Sector organizations, with 45%. See the accompanying graph from the Sophos report for the full list.
Ransomware Data Targets
It’s interesting to note that companies responding to the Sophos Survey reported that 41% of attacks affected on-premise data. 35% reporting that only data in the public cloud was encrypted, with the remaining 24% saying that it was a combination of the two.
Put another way, 59% of those affected by Ransomware had their cloud data encrypted, quashing any myths that Cloud Data is inherently secure without significant, additional security precautions beyond that which is provided by the cloud platforms themselves.
How The Ransomware Attacks Began
Ransomware always comes from somewhere. We’ve talked a lot about the dangers of Phishing and the need for cyber-awareness training and other security measures, so it is no surprise to us that the top method for Ransomware getting into a company is via a file download or an email with a malicious link. The third highest incidence is via email with malicious attachments -- both of these describe Phishing attacks: emails or websites that impersonate legitimate companies and sites, but whose primary mission is to replicate and infect computers with Ransomware and other Malware. See the accompanying full list of attack vectors from Sophos.
Getting Your Data Back After A Ransomware Attack
Of those companies whose data was encrypted, 26% of them chose to pay the ransom, and of those companies all but 1% of them got their data back. That’s great news for most of those companies, and bad news for the ones who did not. Still, the percentage of recovery was high, though not guaranteed.
A far larger number of companies chose not to pay the ransom. Fifty-six percent of those who got their data back without paying the ransom relied mostly on backups. The remainder got their data back in some other way, presumably by recreating the data, relying on paper records, or other methods.
So why did those “other method” companies use other methods? And what about those companies who never did get their data back? Why didn’t they? There’s a good chance that it was one of these reasons:
- There were no backups. It’s unlikely that this was the case for larger companies, but smaller companies who think “this could never happen to us” are more likely to not have good backups.
- The restoration of the backups failed. A good backup plan includes testing the backups. It’s likely that a fair number of those companies who didn’t get their data back hadn’t been testing their backups.
- The backups were encrypted or deleted by the Ransomware. A good backup strategy requires that some copies of the backups be held offsite, and with an "airgap" -- a euphemism for the backups being stored offline so they cannot be affected by Ransomware.
Be sure your backup plan was designed properly, with multiple copies in multiple locations, to increase the chances of surviving a Ransomware attack.
Avoiding The Costs of a Ransomware Attack
The big takeaway from all of this is that the costs of a Ransomware attack are very high, and that it’s far less expensive, and far easier, to avoid being the victim of a ransomware attack in the first place. And that avoidance begins with good planning, not only for your backups but for your overall network security, including on-premise and cloud data. And securing your data begins with an assessment of your current situation. Digital Uppercut has never had a client lose data that could not be recovered. We’re also backed by a $1 million ransomware guarantee. Let’s talk about how we can protect your data and your company. Contact us online or call us at 818-913-1335.