It’s no secret that recovering from a ransomware attack can be costly.
Last year, ransomware attacks cost organizations globally an estimated $57 billion, and this already eye-watering figure is expected to jump to $275 billion by 2031.
Unfortunately for organizations, ransomware attacks are no longer a question of if or when, but rather how many times they will occur.
But while you might not always be able to prevent every incoming ransomware attack, what you can consistently control is how you respond. And that response will have a big impact on your final ‘ransomware bill’ when the dust has finally settled.
The financial factors here are many: do you have immutable backups in place (or do you have to consider paying the ransom)? How long are operations offline? Is any data lost permanently? So it’s not just a question of ‘can you recover?’ but ‘how well can you recover?’.
So how can you address this and trim down that bill?
Ransomware tab bigger than you expected?
First, organizations need to understand how they got here. Traditionally, the responsibility for cyber resilience and ransomware would have sat squarely in the hands of the security team. But in today’s digitally connected world, the responsibility for ransomware protection and recovery needs to extend further.
Despite this, many organizations are yet to get the memo. In fact, over half of organizations reported last year that they needed a significant overhaul of their IT operations and security team alignment.
They continue to focus all of their ransomware recovery planning within the security team, meaning that when attacks do occur, they’re left scrambling to coordinate with the rest of the organization. The result? Deadly misalignment that drags out recovery times – and costs.
Take the spate of high-profile retail ransomware attacks across the UK last year. After the dust had settled, the numbers were tallied up, with estimated costs just shy of half a billion.
This wasn’t just due to the IT costs; it was a result of the lengthy downtime the incident caused, with services across the business left out of action, or significantly reduced for months afterwards. It didn’t just cost the victim valuable sales; it also had a knock-on effect on their suppliers, disrupting their business too.
It’s not that these organizations didn’t have data recovery plans; it’s that they couldn’t implement them fast enough. And in a ransomware attack, time is quite literally money – the highest direct cost of downtime is lost revenue.
On paper, your security and IT infrastructure teams might have interconnected plans, but if your security team is the only one regularly testing and refining those plans, the connections between them will fail. In practice, these teams might well be trying to work together, but the security team will likely be left picking up all the slack, and there’s only so much a security team can handle. Despite their best efforts, this will have a knock-on effect on downtime and overall recovery time.
This disconnect has already been recognized by regulations such as NIS2 and DORA across the EU, which both place increased responsibility for recovery and resilience on the shoulders of senior leadership, not just security teams. So why wait?
An investment that pays for itself
Admittedly, it is easier said than done to align ransomware recovery across all of your relevant business teams. But it’s worth the effort. You might spend big on the best-in-class security and recovery tools, but they don’t define your resilience – it’s all about how you use them.
Technology needs to be aligned with wider business strategy, your people, and your processes. Yes, invest in high-quality tools, but don’t neglect investment in your training and preparation. It’s not about throwing more money at the problem; it’s about spending it in the right place.
Spreading investment more evenly across the board might end up costing you a little more in the short term, but done right, it’s an investment that won’t just pay for itself; it’ll drive additional revenue too.
We’ve already seen that organizations with better resilience, characterized by this approach, don’t just perform better on paper; they perform better in profits too, with a 10% higher average revenue growth rate.
Organizations with mature resilience not only recover 30% faster from ransomware, but their downtime costs are also 2x lower on average. The way forward is clear – organizations just need to take that first step.
Closing your tab
Unless organizations change their approach to ransomware recovery, these costs will keep mounting. Ultimately, your security stack can only get you so far without empowered teams and standardized execution of resilience measures to match. Otherwise, in times of crisis, you’ll be scrambling to respond when you should be acting decisively.
It can be hard to know where to start, but tools such as Data Resilience Maturity Models can help here. They assess your current levels of preparedness and produce practical guidelines to turn your current tools and your talented teams into a fully aligned ransomware recovery strategy.
That means tying your resilience directly into business strategy to ensure threats are anticipated, governance is enforced, and compliance is met and maintained. And, most importantly, it means ensuring that you’re not spending more on ransomware recovery than you need to.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.