Fighting Ransomware in Mid-Size Enterprises
Gartner recently hosted a webinar on ransomware and the increasing threat to mid-sized organizations, as well as steps to take to improve vulnerability management and best practices for a ransomware response.
Why Mid-Size Enterprises are at Higher Risk for Ransomware
Gartner says that mid-sized enterprises (they profile as <$20M in IT budget, <30 IT staff, and 57% without CISO) are becoming a more common target for ransomware as hackers move away from small businesses and individual. And, while overall ransomware threat levels have decreased by 20 percent, they increased by 12 percent for businesses.
And, while ransomware is being used against every industry, Gartner shared that the top five were professional services (20.4%), healthcare (18.7%), software/technology services (11.7%), public sector (10.4%), consumer services (9.6%).
Should You Pay Ransom for Your Data?
That’s the million-dollar question. The average ransomware attack costs a company over $84K in ransomware payment, which is increasing since Q3 2018 when the average payment was under $6K. This doesn’t include the cost of downtime, which typically is 5-10 times the ransom.
Gartner points out that paying the ransom is a business decision with several factors. Ultimately, payment doesn’t guarantee recovery of your data in a format that is usable. In fact, their research indicates that 58 percent of extortionists attempt a second ransom after receiving payment. And, 42 percent did not decrypt the files after payment so the data wasn’t usable.
Also, they point out that Bitcoin transactions are public and traceable, meaning that it could be linked back to your organization if that Bitcoin is used for illegal transactions.
Their research also shows that, when organizations paid, 97 percent were able to recover their data and it took an average of 16.2 days to remediate the incident.
What’s Your Stolen Data Worth in Ransom?
Gartner gave a rundown of the current black-market value for various types of data:
- Restaurant/Retailer Gift Cards: 15% -50% of value
- Hotel Loyalty Programs: $10 -$20
- Login Credentials: $3 -$30
- Email Accounts: $1 -$15
- Stolen Identity (Name, DOB, SSN): $0.10 -$1.50
- ID/Passport Scans: $1 -$35
- Scanned Documents (Utility bill, etc.): $0.50 -$45
- Full ID Packages (name, address, SSN, email, bank acct., etc.): $30 -$100
Common Failure Points
The good news is that ransomware requires the same defense as malware. However, they point out that companies are still complacent in many areas they called common failure points, including these high-risk areas:
- Disable USB storage access
- Use tools that implement non-signature technologies -heuristics, behavioral monitoring, AI/ML
- Update your EPP in a timely fashion
Gartner says that 57 percent of organizations that had a breach found the root cause to be a known vulnerability. What’s worse, 56 percent of known vulnerabilities are not patched within 90 days of release.
Surprisingly, this is still a challenge. Best practice suggests a 3-2-1 approach: three copies of your data (1 production and 2 back-up), two media types for back-up, and 1 media type be located off-site.
Eight Steps for Ransomware Response
Gartner shares their eight steps for ransomware response, including these first four:
- Isolate the system(s)
- Identify point of entry and then close it
- Identify time of entry
- Prepare a new device from image
You can watch the entire webinar and download the slides to see the entire list.
What is your ransomware preparation, defense, and response plan?
We can help. CyLumena has the expertise and experience to mitigate your ransomware risk vectors, creating the capabilities to prevent ransomware and the confidence to respond if necessary.