Cyber Insiders - Magazine - Page 20
Continuous
vigilance,
excellent
threat
intelligence, a team of fierce threat hunters and a
strong cyber threat posture are key to ensuring
4. My organisation isn’t a target for
ransomware attacks
that attackers are detected and ejected early on
before they have the chance to launch their
This
attack.
misconceptions
belief
stems
about
from
two
common
ransomware
attacks;
firstly, that criminals only target big organisations
3. Financial losses are limited to the
payment of the ransom
and secondly, that their data isn’t valuable
enough to make them a target. Unfortunately,
this simply isn’t true.
The financial impact of a ransomware attack
No business, large or small is immune to the
does not end with the ransom, in fact it can be
threat of ransomware, so don’t let the size of your
just the start of a company’s financial woes.
business determine your cybersecurity strategy.
Between
the
cost
of
ransom,
business
interruption, remediation and rebuilding, a less
prepared private organisation can easily go
bankrupt because of a single ransomware attack.
In addition to the immediate up-front costs,
organisations can also face exposure to thirdparty
claims,
suffer
irreparable
reputational
damage and face stiff fines from governing
bodies such as the ICO.
Ideally, business leaders should discuss upfront
whether to pay or not in advance of an attack to
Cyber criminals don’t discriminate, if they see
value in your data they will go after it no matter
the size or industry of your business.
In fact, both the FBI and NCSC have noted in
2022 that they’ve seen cyber criminals are
shifting away from big-game hunting towards
targeting mid-sized businesses to avoid the
public scrutiny that comes with going after bigname targets. Increased pressure from police
agencies
and
high-profile
arrests
of
cyber
CYBER INSIDERS MAGAZINE
20
criminals is driving this shift.
avoid the additional pressure of having to make
such an important decision during a chaotic and
stressful situation. Of course, depending on the
circumstances they may have to change their
position e.g. the cost of not paying the ransom is
prohibitive.
However, having a decision-making framework in
place and fully understanding the potential
impact of a ransomware attack will enable
businesses to make better decisions before, after
and during an attack to minimise its financial
impact.