When a company is hit by ransomware, the cost of paying the ransom is rarely, if ever, the full cost of the cyberattack. For a small business (SMB) operating without access to flashy, expensive cybersecurity resources, being forced to halt operations entirely while data is being held for ransom can mean thousands of dollars lost and can mean the very future of the business is put in jeopardy.
Research released by Malwarebytes earlier this year in its “Second Annual State of Ransomware Report” found that more than a fifth of small businesses hit by ransomware said they were so crippled by the attack that they had to immediately stop operations. And while most said they acknowledged ransomware as a significant threat, less than half said they were confident they would be able to deal with a ransomware attack.
In September, Europol data found that ransomware has become the top cyberattack of the year, thanks to the size, type and range of these attacks.
Hyder Rabbani, CyberSight COO, recently told PYMNTS that adding to businesses’ lack of preparedness is the fact that often, traditional antivirus software is incapable of fully addressing the threat of ransomware.
“Business interruption is inevitable,” he said. “Customers we talk to indicate that sometimes it’s a week or more before they can be up and running, even if they pay the ransom.”
For small businesses, ceasing operations even for a few days can have a massive impact in terms of lost sales, wages that business owners still have to pay employees and the like, Rabbani said.
“What’s often overlooked is the true value of how much losses are being incurred by businesses that can’t operate on a day-to-day basis,” he added.
Indeed, separate research from Ponemon Institute published in March found that most small businesses have already experienced a ransomware attack, with 48 percent reporting that they paid an average of $2,500 to regain control of their data and systems. But the cost of the attack didn’t stop there. A third said they had to invest in new data security technologies as a result from the attack, and nearly the same said they lost money due to downtime while data was being held ransom. Nearly a third said they lost customers, and nearly a quarter said their reputation was diminished, which similarly play a role on financial losses.
That means the cost of the ransomware isn’t the dollar (or bitcoin) value of the ransom itself.
According to Rabbani, “no one is really immune” to a ransomware attack, but small businesses can often struggle with this threat.
“There are a lot of cybersecurity solutions out there, including anti-ransomware solutions,” he said. “But they’re rather cost prohibitive for most small businesses. When we talk to small businesses, they often say, ‘Yes, we know we’re exposed, and we kind of just pray we don’t get hit.’”
There are a lot of companies, however, that remain unaware of the threat and unaware that traditional antivirus software is often unable to provide adequate protection. Rabbani explained that many antivirus solutions that do address the threat of ransomware are unable to detect and mitigate different strains and evolutions of ransomware as attackers work to circumvent existing safeguards.
“The problem becomes very prevalent when you have new ransomware strains that haven’t been seen before,” the executive explained, “or in many cases, ransomware strains that have evolved a little. You might have ransomware that came out and was stopped and identified six months ago, but then attackers change it a little, and now it’s a different strain of ransomware that antivirus software is not able to catch.”
These factors — the cost of sophisticated anti-ransomware tools, coupled with the inability of traditional antivirus software to address the problem — has led CyberSight to release RansomStopper, which Rabbani said aims to provide a holistic anti-ransomware service to consumers, small businesses and larger enterprises that they can actually afford.
CyberSight, which announced the launch of RansomStopper this week, noted its use of machine learning to protect systems against ransomware before an attack takes hold. It’s exemplary of how the cybersecurity industry as a whole is deploying some of the most sophisticated technology available today to protect businesses and consumers.
And yet, Rabbani acknowledged that the cyberattackers themselves are doing the same.
“It’s a cat-and-mouse game, if you want to call it that,” he said. “For many years — decades — we’ve seen this happen, where as soon as antivirus solutions become better able to stop viruses, the perpetrators get more sophisticated. That sophistication will only continue to increase, but what has to happen is there needs to be multiple layers of protection.”
A single antivirus or anti-ransomware solution is probably not going to fully protect a business no matter how sophisticated the security tool is. But what can protect a company, Rabbani said, is a multi-pronged approach, which can come in the form of many strategies, from behavior changes to technology.
“There are good practices, things like, don’t pick up a USB stick you find in a parking lot — that’s pretty self-explanatory, but you’d be surprised,” he said. “Everything from, don’t open emails with attachments that might be a little too attractive, or that might be asking for things like W2 records to data backups.”
“There’s not one thing any business or individual can do to stop everything,” he continued. “It needs to involve several steps.”