It’s Friday morning. You’re the CEO of a mid-size financial advisory firm. You’re sipping coffee and reading the latest news when the call comes in.
It’s your office informing you your company is the target of a ransomware attack.
Your first reaction: “What! How could this happen? Don’t we have security measures in place to prevent these kinds of things?”
Or maybe your first response is more like this: “%@*%@!”
The cybercriminals are asking for a lot of money. And who knows if they will release your data?
What should you do? Do you cough up the money or do you have enough confidence in your company’s security measures?
If this sounds like something that will never happen to you, you’re wrong.
There’s been an alarming rise in ransomware attacks
In 2015, there were 3.8 million ransomware attacks, compared to 638 million attacks in 2016.
But what do these numbers really mean? Are small and mid-size companies being too laid-back about preventive measures? Are they cutting back on budgeting for cybersecurity due to its high cost?
Or are the cybercriminals just getting smarter?
Premal Parekh, a software developer at DbCom, sees a number of attacks coming in every second. “If you look at the number of attacks in the past decade, they definitely have gotten smarter. These hackers are using more powerful tools and smarter ways to attack our systems.”
Attacks could come in the form of phishing scams or even something as covert as a “zero-day attack.”
Hackers may be from highly skilled groups, or APTs (advanced persistent threats), carrying out large-scale, technically advanced attacks. Other opportunistic hackers might be less skilled but target companies whose systems are only lightly secured.
Whether you’ve been targeted by a technically skilled APT or a less-skilled hacker who’s discovered a system vulnerability, your business-critical data is still at risk.
What does this mean for you?
So cybercriminals are finding smarter, more creative ways to attack companies.
But what are the real consequences when you choose not to pay up? How dangerous is data loss to your business? Can your small or mid-size company really recover all you’ve lost?
And what are you really losing in the first place?
Loss of time & money
According to a recent study by Osterman Research, more than half of American companies reported experiencing a ransomware incident. And of those attacks, 44% took over nine hours for IT staff to remediate.
That remedial work can involve investigating the problem and backing up or repairing systems. And given the scope of the problem, you’ll probably be paying your staff overtime.
Plus, according to a 2016 study from IBM, the average cost of a data breach is 4 million dollars. A malicious attack costs more to remediate, and costs due to loss of business are even higher.
Loss of Reputation
Let’s face it, your company can’t function without a high level of trust from your clients. A ransomware hit can set you back for years. And you’ll inevitably spend a lot of time rebuilding relationships.
Robert Arnott, chairman and CEO of Research Affiliates, stresses the importance of trust in financial services: “If you can’t trust the people that you entrust with your money, then who can you trust? That’s a dreadful situation.”
Whatever sector of business you’re in, your customers need to know that their data is safe with you. And if they find out it isn’t, due to a ransomware attack, good luck doing business with them in the future.
Loss of business-critical data
Finally, your most obvious loss is data loss. Losing data that maintains your business is a critical loss. Nearly half of small businesses have to close their doors after experiencing a cyberattack.
And at the very least, cyberattacks in any form—ransomware, malware, virus, disk corruption, human error—can completely paralyze your entire businesses.
So what can you do?
Cybercriminals are opportunistic, looking for any loophole to make their move. And they don’t just target large companies. Small and mid-size firms are more impacted by such an attack than any large company.
The best solution is to be prepared.
Proactively build a comprehensive security plan that can relieve the burden of constantly hoping that you’re not the target of the next attack and question whether the current security measures you have in place are enough protection.
Here are three things you can start doing today
- Designate a team to define and execute detailed data security measures. Don’t leave this task to just one person. The more people involved, the better. That way, nothing falls through the cracks.
- Incorporate a firmwide schedule of monthly activity related to security, such as questionnaires. Or implement a “Data Security Awareness” month.
- Most importantly, migrate data to WORM (write-once-read-many) format
- Experts agree the best defense against data loss from any type of failure is to place it in a format that cannot be rewritten again.
- Use a D3P (designated third party) vendor that provides data security, and data storage retention to protect business-critical data.
- Use a vendor that addresses FINRA and SEC requirements.
“Because at the end of the day what is important is your data; your CPU, memory, can be replaced, but the data on your disk storage is irreplaceable and business critical.” –Pravin Khanolkar, CEO of DbCom
Looking for IT Management software? Check out Capterra's list of the best IT Management software solutions.