The hidden cost of Ransomware and how businesses pay the price for partial protection.


Carbonite's last threat report found the average ransomware payment peaked in September 2020 at more than $230 thousand. But the ransom alone doesn’t tell the whole story. To do that, another study was conducted to quantify the collateral damage from surging ransomware incidents and rising extortion amounts.

These are some of the effects that inflate the price tag of an attack and expose "The Hidden Costs of Ransomware".

Lost productivity

Carbonite found that hours of lost productivity from a ransomware incident were closely related to the length of time to discovery of the attack. Generally, faster detection meant limiting the spread of the infection and less time spent on remediation. In other words, the further ransomware spreads, the longer it takes to eradicate. Unfortunately, almost half (49%) of respondents to their survey reported being unaware of the infection for more than 24 hours.

A third of incidents were reportedly remediated in 1-3 hours, while 17 percent required 3-5 days of effort. Carbonite quantified these lost hours based on hours spent on remediation (easily measurable) and the opportunity costs from diverting resources from IT teams’ “blue sky” responsibilities (tougher to measure).

Factoring in varying costs of IT resources, low/high-cost estimates were determined for the hours of remediation reported by survey respondents. These ran from $300/$750 for three hours of remediation to $4,000/$10,000 for five workdays of remediation. (A full breakdown is available in the report.)

Downtime costs

Regardless of whether an organization decides to pay a ransom, how long does it take to return to normal operations?

In the study, businesses that didn’t pay ransoms had recovered their data quicker than those that did pay. Specifically, 70 percent of companies that didn’t pay a ransom were able to recover their data within a business day, compared to 46 percent that did.

Presumably, this has to do with whether a target had readily available backups, and with time lost to back-and-forth with extortionists or to making a payment.

One of the most important factors in determining downtime costs is specifying the value of the data that’s become unavailable. Is it critical to conducting business operations? Or is it nice to have but not essential like marketing or prospecting data?

Determining data’s value helps businesses formulate their recovery time objectives (RTOs). For non-critical data and applications, a 24-hour recovery time may fall within the RTO. For mission-critical data, a 24-hour recovery may exceed the tolerable limit and help drive the cost of downtime higher than the ransom itself.

Impact on client operations

Nearly half (46%) of the businesses in the survey reported client operations being adversely affected by a ransomware incident at their own company. This could quickly sever business relationships that take a long time to build and result in the loss of anticipated revenue. But that’s not even the riskiest aspect of client operations being affected.

The implications of supply chain attacks, especially for MSPs, came into sharper focus last year following the SolarWinds attack. Were a cybercriminal to compromise a trusted supplier to distribute ransomware, rather than for surveillance as in that attack, the costs could be enormous.

MSPs should seriously consider the possibility of becoming the source for such a supply chain attack, especially those with clients in critical industries like energy, public utilities, defense, and healthcare.   

Brand and reputational damage

Consider the headlines and airtime generated by ransomware attacks against high-profile targets. A Google search of “Garmin ransomware,” for instance, returns more than 1 million results. While your organization may not be a global tech giant, it also likely doesn’t have the staying power of one.

In Carbonite's study, 38 percent of businesses admitted their brand was harmed by a run-in with ransomware. Beyond lost customers, publicity issues could force businesses to enlist the services of expensive PR or communications firms to repair the damage.

Businesses with the resources to do so should consider themselves lucky because the alternative is worse. Silence or an uncoordinated response to a ransomware attack – especially one that affects customers – can come off as unserious, callous, or ineffective.

Reputational damage in an age of heightened sensitivity to cybersecurity incidents can have significant consequences. Our data shows that 61 percent of consumers switched some or all their business to a competing brand in the last year, and 77 percent admit they retract their loyalty now quicker than they once did.

The list goes on…

By no means is this an exhaustive list of the hidden costs of ransomware. They extend to fines for breaches of compliance regulation, the rising costs of cybersecurity insurance, and a host of other unforeseen consequences.


TeleSwitch partners with Carbonite, offering our customers the most innovative solutions to protect their data from any and all unintended outcomes and implement best practices for business continuity and disaster recovery. 

You can find the original source and some additional information by visiting the Carbonite website or using the direct link below.
4 ways ransomware can cost your business (in addition to extortion)
