In March, President Joe Biden signed sweeping cybersecurity legislation requiring certain industries to report breaches to the US Department of Homeland Security within 72 hours of discovering the incident, and 24 hours if they make a ransomware payment. Many states also require businesses to report violations.
Still, it appears that ransomware actors are widening their targets and continuing to release large amounts of private data if their demands are not met.
In the United States alone, the FBI documented 2,474 ransomware incidents in 2020, and the economic damage expected in 2021 from its attacks exceeds $20 billion, according to Cybersecurity Ventures; four times more than reported in 2017.
A recent Cybereason survey of nearly 1,300 companies around the world reveals the impacts of ransomware. 66% had large economic losses, 53% suffered damage to their image, and 42% could not cover all the losses with their insurance after being attacked.
What can be done in the face of a ransomware attack?
According to the cybersecurity firm Avast, the first hours of response to a ransomware attack are critical when it comes to minimizing the damage.
Having an incident action plan in place is key to acting quickly, and business leaders need to select the right employees to develop the plan and execute it. They may be the same people, but it is not always the case that those who are good at creating in-depth plans are also the best at “putting out the fire” when an incident occurs.
In general, the more contributors who know the basics of ransomware: what it is, how attacks occur, and what the risks are, the better.
But businesses also need to have a team of specialists who are “in charge” of the response. In the first hours and days after an attack, professionals who are experts in troubleshooting and identifying their causes will be needed.
“In previous decades, too often companies failed to take a holistic view of IT infrastructure and simply ‘plugged holes’ when they appeared. ‘Chaos engineering’, where IT infrastructure is experimented with taken together to see the effects of future outages, it can help businesses spot weak spots and fix them before hackers take advantage of them.”