Being hit by ransomware can be a major detriment to a business—whether or not they decide to pay the ransom. A recent study found that 37% of all businesses were hit by ransomware in 2021, and an astounding 32% of victims paid the ransom to recover only 65% of their data. This creates a lose-lose situation for victims of an attack, resulting in a hit to financials and operations, no matter which option they choose. And it’s not just big corporations that are the victims of such attacks; any business with any digital asset can be the target of cybercrime.
It’s no surprise that attacks are costing organizations dearly. Ransomware cost the world $20 billion in 2021, and that number is expected to rise to $265 billion by 2031. Recovering from a ransomware attack cost businesses $1.85 million on average last year. Serious incidents don’t just result in obvious expenses—third-party forensics, IT overtime, and regulatory fines. There are also potential legal costs, customer churn, and reputational damage. Don’t forget about the soft costs of notifying customers of an incident, greater difficulty attracting new customers, and potential loss of business partners.
From start to finish, the cost of a cyberattack can have a significant impact on a business’s bottom line.
Who’s to blame?
There’s no denying that remote work during the pandemic created an expanded attack surface and made organizations more vulnerable to cyberattacks. As businesses invested in more cloud infrastructure to accommodate the needs of the changing workplace and workforce, insufficient security training as a result of the fast transition found remote staff more likely to click on phishing links and engage in other risky behavior. Threat actors had a new vector to attack—remote access infrastructure such as remote desktop protocol (RDP) became the new target.
Data breaches in recent years have also created a pool of targets for attackers: stolen personally identifiable information and credentials pose a greater risk to organizations when infrastructure and applications are exposed.
Traditional workplaces have their own security weaknesses, but the shift to remote work caused businesses to have to move quickly and address an entirely new set of challenges. Given these new realities, organizations need to step up their security game and find a better way to protect themselves against email-borne social engineering attacks and misconfigured and unpatched cloud and remote access infrastructure.
It’s time to invest in effective cybersecurity
As the volume and cost of cyberattacks continue to surge, one-in-five U.S. and European organizations report that they have come close to filing bankruptcy as a result of a cyberattack. This alarming statistic underscores a simple reality—it is far less costly to invest in effective cybersecurity than it is to recover from a successful cyberattack. But where do you get started?
To address cybersecurity head on and to avoid breaking the bank, organizations should implement fundamental tools and best practices to mitigate major attack vectors.
What should businesses do?
Invest in comprehensive email security
Comprehensive email security can help businesses stay ahead of increasingly complex attacks. An effective defense should have advanced phishing and impersonation protections to protect against attackers who have developed an ability to evade traditional defenses. Phishing and impersonation attacks use customized social engineering tactics to trick your email users into providing credentials, paying an invoice, or sharing sensitive documents. It’s up to organizations to leverage tools that detect the more sophisticated threats that basic email gateways can’t.
Comprehensive email security also requires implementing multi-factor authentication (MFA); when enabled correctly through a common identity provider, MFA will secure other supported SaaS applications and infrastructure assets. MFA is an additional layer of security that works with user credentials to confirm that the user is who they say they are. This way, it can protect against attacks that rely strictly on the username and password combination.
Businesses should implement security awareness training to help employees better identify social engineering attempts. Security awareness training helps to minimize risk and can help organizations of all sizes prevent the loss of PII, IP, money, and brand reputation.
An effective training program drives awareness, reduces threats, prevents downtime, ensures compliance, and improves customer confidence.
Update outdated tools and technology
In a world that operates on the cloud, businesses should ensure their tools and technology can keep up. Continuous cloud monitoring, with remediation of deviations from security policy, can be critical for end-to-end visibility of the organization’s security posture in public-cloud deployments, for automated compliance monitoring, and for remediation of security controls.
Modern, targeted attacks and zero-day threats require progressively sophisticated defense techniques that balance accurate threat detection with fast response times. Technologies such as next-generation firewalls can provide real-time network protection against a broad range of network threats, vulnerabilities, and exploits, including SQL injection, cross-site scripting, denial-of-service attacks, trojans, viruses, worms, spyware, and many more.
Businesses should also ensure they have more streamlined zero-trust, posture-monitored remote access for staff, reducing attack surfaces compared to VPNs and allowing users to access SaaS applications and cloud infrastructure from any device securely.
Prepare for the worst
It’s not if a business will be breached. It's when—and all businesses need to prepare for the worst. This means implementing incident response planning and regular testing. A strong incident response plan enables a timely, consistent, and appropriate response to suspected and confirmed security incidents. It's not only important to have a plan, but regularly testing that plan is also vital.
In addition to knowing how to respond, having regular backups, including one copy offsite and offline, can help protect critical data in the event of an attack. Cyber insurance is another proactive approach to security. Although premiums are increasing, organizations with best-practice security controls in place may be able to strike better deals and gain increased coverage that may save the day.
Cyberattacks represent nothing short of an existential threat to many businesses. With both costs and attack volumes surging, a relatively small investment in cybersecurity today could save considerable pain and money further down the road. Knowing where to focus that investment is key.
Fleming Shi is Chief Technology Officer at Barracuda Networks.