Why Paying Up Doesn’t Pay Off
Many organisations feel huge pressure to pay ransoms because they can't afford to be offline or locked out of mission-critical systems and applications for days or weeks. The average downtime a company experiences after a ransomware attack is 7-21 days, and downtime is the most expensive part of the incident: the total cost of recovering from a ransomware attack is generally around ten times the ransom payment itself.
The average total cost of recovery from a ransomware attack more than doubled in a year, rising from £761,106 to £1.85 million in 2021. Unsurprisingly, the figure can be far larger for organisations in industries such as financial services, energy, and healthcare, where an outage has a direct impact on consumers.
Backups Only Address a Small Part of Ransomware Recovery
For more than 50 years, backup software has proven reliable for restoring data after application failures or data corruption. Modern businesses, however, run on enterprise applications whose data is mission-critical, and restoring the data is only a small part of getting those applications back.
A large enterprise with modern applications may process thousands, or hundreds of thousands, of transactions in a single day; it cannot afford to protect that data with a once-a-day backup. Many backup solutions also rely on legacy security models, which leave them open to compromise and allow attackers to take control of the snapshot data itself.
Restoring from backups at scale takes significant effort. The restore has to be tightly coordinated across several groups: backup and storage administrators, application DBAs, developers, and networking personnel. Even when the backup itself is good, what it gives you back is a file or a VM; teams still need a way to start and configure the application and database servers before the application is fully up and running.
Ransomware attacks involve long undetected dwell times. A recent IBM study found the average time to detect and contain a data breach is 287 days (212 to detect, 75 to contain). The gap between the last known-good backup and the production application state just before the attack can therefore be large, and it typically represents a significant loss of data, which adds to the total impact.
When do most organisations attempt a restore for the first time? After they have been hit by ransomware. Whether a restore has been rehearsed beforehand is the biggest factor in whether an attack brings a business down or takes a couple of hours to clean up.
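The dwell-time gap and the untested-restore problem in the two paragraphs above can be made concrete. The following Python is an added example, not code from the original article: it models a backup catalog and picks the restore point a responder would actually want (the newest backup taken before the estimated initial compromise, not before detection, and preferably one that has already passed a test restore), reports the data-loss window that choice implies, and flags when the retention window is shorter than the dwell time, in which case no clean copy exists at all. The catalog, the timestamps and the 20-day dwell are constructed for illustration.

```python
"""Pick a ransomware restore point that predates the attacker's dwell time.

Added example, not code from the original article. All timestamps and the
backup catalog are constructed for illustration. The rule encoded here:
the usable restore point is the newest backup taken BEFORE the estimated
initial compromise (backups taken during the dwell window may carry the
attacker's persistence), and only a copy that has already passed a test
restore is treated as known-good.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backup:
    taken_at: datetime
    restore_tested: bool  # has a test restore of this copy succeeded?


@dataclass(frozen=True)
class RestorePlan:
    restore_point: Optional[Backup]
    data_loss: Optional[timedelta]  # work that must be redone after restoring
    reason: str


CLEAN_TESTED = "clean, test-restored backup"
CLEAN_UNTESTED = "clean but never test-restored: the restore itself may fail"
NO_CLEAN_BACKUP = "no backup predates the compromise: retention shorter than dwell time"


def choose_restore_point(catalog: List[Backup], compromised_at: datetime,
                         impacted_at: datetime) -> RestorePlan:
    """Select the restore point and the data-loss window it implies.

    compromised_at: estimated initial intrusion (from forensics).
    impacted_at:    when encryption hit, i.e. the last good production state.
    Backups taken between those two times are suspect and are skipped.
    """
    clean = sorted((b for b in catalog if b.taken_at < compromised_at),
                   key=lambda b: b.taken_at, reverse=True)
    if not clean:
        return RestorePlan(None, None, NO_CLEAN_BACKUP)
    tested = [b for b in clean if b.restore_tested]
    if tested:
        point, reason = tested[0], CLEAN_TESTED
    else:
        point, reason = clean[0], CLEAN_UNTESTED
    return RestorePlan(point, impacted_at - point.taken_at, reason)


def retention_covers_dwell(retention: timedelta, compromised_at: datetime,
                           impacted_at: datetime) -> bool:
    """True if retention is long enough to still hold a pre-compromise copy."""
    return retention > impacted_at - compromised_at


def daily_catalog(newest: datetime, days: int, test_every: int) -> List[Backup]:
    """Constructed catalog: one backup per day at 02:00, test-restored every Nth day."""
    day0 = newest.replace(hour=2, minute=0, second=0, microsecond=0)
    return [Backup(day0 - timedelta(days=k), restore_tested=(k % test_every == 0))
            for k in range(days)]


def run_scenario(dwell_days: int, retention_days: int,
                 test_every: int) -> Tuple[RestorePlan, bool]:
    """Constructed incident: encryption hits 2024-03-01 09:00 after dwell_days.

    The catalog holds only what retention_days keeps. Returns the chosen
    plan and whether retention covers the dwell window.
    """
    impacted = datetime(2024, 3, 1, 9, 0)
    compromised = impacted - timedelta(days=dwell_days)
    catalog = daily_catalog(impacted, days=retention_days, test_every=test_every)
    plan = choose_restore_point(catalog, compromised, impacted)
    return plan, retention_covers_dwell(timedelta(days=retention_days),
                                        compromised, impacted)


if __name__ == "__main__":
    for dwell, retention, every in [(20, 30, 7), (20, 14, 7), (20, 30, 100)]:
        plan, ok = run_scenario(dwell, retention, every)
        when = plan.restore_point.taken_at if plan.restore_point else None
        print(f"dwell={dwell}d retention={retention}d -> {when} loss={plan.data_loss} "
              f"({plan.reason}); retention covers dwell: {ok}")
```

With a 20-day dwell, 30 days of daily backups and a weekly test restore, the chosen point is the tested copy from 9 February, not the untested one from 10 February, and the data-loss window is 21 days 7 hours. Cut retention to 14 days and no backup predates the compromise; the only way out is a restore that was never tested, or paying. Swap the constructed `daily_catalog` for a query against your real backup catalog and the logic is unchanged.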
If you strengthen your backups and have a Disaster Recovery Plan covering all your critical business processes, the cost of recovery will almost always be less than paying a ransom for an uncertain outcome.
Ransomware attacks have become so common that it's no longer a matter of if but when, and the aftershocks are instant and painful. Expensive ransom pay-outs, the downtime cost of shutting down company operations, and permanent loss of company data can be devastating; most companies don't survive longer than six months after a complete loss of their data.
An organisation's readiness at each stage of the incident response process determines whether it ends up paying the ransom. In other words, the less prepared you are, the more likely you are to pay.
A sound prevention and recovery plan for ransomware must be a top priority for every organisation, and it should not stop at deploying traditional cybersecurity and backup tools. Both serve their purpose, but neither can be relied on as the only solution. Preventing long downtimes requires a recovery plan for your business-critical applications that you can actually activate.