Dismantling the Ransomware Business Model
By Jonathan Bridges
Every day, coordinated crime groups are developing more advanced skills to attack organisations’ networks. The number of ransomware attacks has increased significantly, and it’s getting easier for sophisticated cybergangs to access companies’ data. As the ransomware business model becomes more refined and organisations are under rising threat, the stakes are high. In fact, ransomware attacks could cost businesses as much as $265 billion per year globally by 2031, compared with only $20 billion in 2021–a 13X increase in 10 years.
Despite this, the concern many companies are expressing isn’t quite enough to balance the risk they’re exposed to. This trend of cybersecurity apathy means that only 15% of IT leaders are currently prepared to face a ransomware attack. Business leaders must understand that all organizations are potential targets for cybercriminals. The question is not if a business will face an attack but when.
And the consequences of an attack can be immense. For example, a company may have to stop all activity for between 20 and 30 days, on average, which leads to an enormous waste of time and money. From our experience, ransomware attacks may lead to a daily loss of £274,000 in revenues for an organisation making £100m profits every year. The only way to resume activity and prevent a huge financial loss is to pay up. In the UK, over 80% of businesses pay ransomware demands, making it the country most likely to pay cybercriminals worldwide.
As long as businesses pay, ransomware remains a profitable industry and this vicious cycle will only continue. Companies must react and focus on developing defence strategies to stop cybercriminals in their tracks.
Understanding the Ransomware Business Model
Ransomware has become a very lucrative industry, offering full-time jobs to thousands of individuals around the world. People are hired to conduct reconnaissance and ensure attacks are perfectly coordinated to leave businesses no other choice than spend millions to protect their own and their customers’ data, financials and reputations.
Everyone has a very specific role when it comes to performing attacks. So-called ‘co-located sophisticated organised crime groups’ are made up of money specialists, data miners and coders. The more businesses fall victim to attacks, the more powerful these groups become. What makes things trickier is that not all groups are motivated by financial gain; some gangs are state-sponsored and not beholden to financial profit from their efforts, meaning simply refusing to pay the ransom is not enough.
Changing the Apathetic Mindset
Organizations must implement preventative measures to defend themselves against these increasingly prolific attacks. While many believe cybercriminals only target large-scale or well-known brands, this is a misconception. All businesses, regardless of their size, are vulnerable.
Research reveals that one in three employees does not understand the importance of cybersecurity at work. A quarter of employees also said they didn’t care enough about cybersecurity to mention if they had been involved in an incident, showing a clear lack of collective responsibility amongst the workforce. Cybersecurity apathy is an issue that needs to be addressed across the business to reduce the risk of falling victim to an attack. It is the responsibility of all employees to understand how their roles and actions play a part in protecting the company and managing its overall security posture.
Cyberattacks may seem an inevitability, but it is still possible for companies to prevent them and limit the consequences. If companies take security seriously and implement a ‘military grade’ defence strategy to empower their teams, there is a high chance they will be able to avoid data breaches.
The Importance of Adopting Military-Grade Security
The fast-paced cybersecurity landscape requires companies to cut off threats at the source. The best way to do that is to look to the once-mysterious defence sector for security inspiration. Businesses don’t have to invest a huge amount of money or build a completely new security system; they simply need to strengthen their infrastructure and adopt efficient technologies to help anticipate and prevent attacks.
For example, with air gapping technology, organisations can keep specified devices off main servers so they can act as backups or ‘safe zones’. Immutable data is then held in isolated environments and can be used to help business recovery in the event malicious actors gain access.
But new technology must always be accompanied by a robust recovery plan. The 30/3/3 model is often recommended to ensure employees clearly understand what data needs to be recovered in 30 minutes, three days and three weeks, should attackers succeed in entering a company’s network. Businesses that adopt this model no longer need to make tricky decisions about what data to salvage in times of crisis. Organisations can instead focus their efforts on mitigating potential chaos and saving data that is essential to keeping the business going.
Keeping Defence Strategies up to Date
The cybersecurity landscape is constantly moving and evolving and businesses must regularly adapt their defence strategies to keep up. Maintaining apathetic attitudes only makes them more vulnerable and likely to fall victim to an attack, the consequences of which should not be overlooked.
https://securityboulevard.com/2023/03/dismantling-the-ransomware-business-model/