Can Your Business Afford to Lose a HALF-MILLION EURO?
The Horrific Real Costs of Restoring Business Operations Following a Ransomware Attack
If you think your business is immune from Ransomware, you’re wrong. DB Computer Solutions’ IAN CUMISKEY outlines the true costs of restoring operations following a ransomware attack.
The tactic is so simple. An innocuous-looking email is received by an employee of a mid-sized business. The email looks bone fide. It’s from a supplier the company uses. The content is urgent: it asks to confirm a recent order for a component. The employee clicks on the link. Then all hell breaks loose.
The malware enters the company’s IT systems though the employee’s PC and sneaks across the LAN. Within moments, vital operating data has been encrypted and is beyond reach. Accounting and management systems no longer functions. Invoicing and creditor payments are impossible. Manufacturing, stock control, order processing and fulfilment grind to a halt. Payroll and HR are frozen. Employees begin to scream because salaries are no longer reaching their bank accounts.
In the head office, the phone rings off the hook. Suppliers, customers, heads of departments and support staff want to know what’s going on. The managing director stalks to a PC. The screen is filled with a threat. A gang of criminals, probably based in Russia, is demanding €50,000 to restore the data or they will delete it forever. The MD turns to the company’s IT director, ordering her to restore the system with the latest backup. The director reminds her boss that he had never approved the backup and data restore investment she had recommended twelve months ago. The only backup they have available is six months old and not fit for purpose.
It is only then that the managing director begins to sweat as he realizes the damage that has been caused. In the course of only moments his business, which has an annual turnover of €9 million and took over twenty years to build, is threatened with extinction.
Think it won’t happen to your company? Think again.
“More and more businesses are contacting us because they have been targeted by a successful ransomware attack and urgently need help,” says DB Computer Solutions managing director Ian Cumiskey. “Our experience, as well of those of other IT companies in our sector, proves that successful ransomware attacks are ramping up.
“What is unfortunate is that many managers believe they are fully protected against this type of attack, or are too small to be noticed by criminal gangs. This line of reasoning is, of course, faulty. You don’t have to be the size of the HSE to attract attention. The recent statistics regarding successful ransomware attacks bear this out.”
The Real Cost of Ransomware Recovery
Recovering from a ransomware attack is a harrowing, disruptive experience. Cumiskey points out that getting vital systems up and running is only a small part of the time and cost.
“Never, ever pay the ransom and for good reason,” he states. “First, you’re only funding additional criminality. Second, and even if you do pay the ransom, history proves that you’ll only get back a small percentage of your data.”
IT infrastructure and data recovery is a gruelling, many-hour, many-week process. Because malware may be hidden anywhere within a business’s systems, all applications and data must be fully deleted. Storage disks and flash drives must be cleansed. Suspect, unprotected, backup storage devices must also be cleansed and reconfigured.
“The infection can be hidden anywhere, on any device with access to the IT system,” Cumiskey explains. “To be sure that all malware is deleted, every device must be cleansed thoroughly. Following a ransomware attack, it’s like you’re starting all over again, almost as if you were installing an IT system from scratch.”
Rebuilding costs depend on the amount of uninfected data your business might have left, if any. Applications must be reinstalled on cleansed storage. Raw data, if it can be found, must be rekeyed into those application. And if that data is unavailable?
“Let’s take a situation where you’ve lost all stock data because it has been encrypted. You have a couple million euro of inventory spread around multiple locations. The only way to get that data back is to conduct a manual stock-take which is going to take days if not weeks. During that period, your production system remains virtually unusable. In my experience, fully recovering from a successful ransomware attack can takes months if not more.”
In the meantime, turnover falls like a brick because of lost orders. Inefficiencies in workflows due to short-term manual processes that have been adopted after the attack increase operating costs. Customer goodwill suffers because pending orders are late or can’t be fulfilled. This leaves a long-term hole in future sales pipelines and revenues. Supplier relationships erode due to late payments and declining orders from your company.
“Research states that the total cost of recovering from a successful ransomware attack can be as much as ten times the amount of any demanded ransom,” Cumiskey points out. “That means that if a gang asked for fifty-thousand euro in ransom, and even if you don’t pay it (as I’ve already recommended), it could cost a company as much as a half-million euro or even more to fully recovery.
“A half-million,” Cumiskey muses. “Think what you could do with that kind of money for your business. Instead, your business is suffering as are you, your family, your staff, your suppliers and your customers. All due to the nefarious actions of unseen criminals, and the decisions you could have made to prevent it.”
The Modest Cost for Protection
Mitigating the threat of a successful ransomware attack doesn’t cost a fortune. It’s a matter of planning, and implementing, a programme of works while incurring a modest investment.
“Start with the basics,” Cumiskey suggests. “Conduct backups, stored both on-site and off-site, on a disciplined basis, preferably every day but at least once a week.
“Decommission old IT infrastructure and / or make certain your business is no longer using Windows 7 or other unsupported operating systems. Out-of-date software like this offers easy points of access for criminal gangs and is only inviting trouble.
“Plan a stringent disaster recovery strategy. As you do that, assume what would happen if a criminal gang were able to encrypt all of your data. How do you recover from that, and how long would that recovery take? Update all software applications with the latest versions as soon as they become available. A well-designed backup and DR strategy can minimise data loss while getting systems back up and running quickly.”
Cumiskey states that no defensive strategy will provide one-hundred percent protection against wilful criminals, but a modest investment in backup and DR can significantly reduce the risk.
“You’re talking a few thousand euro per year, or less, to protect vital data in the event of an attack. By doing your best to prevent such an attack, you’re also mitigating the risk of incurring hundreds of thousands of euro in costs if an attack is successful and your operations are disrupted.
“To me it’s simple. Protect your business now or take a risk that the criminals will win.”
For more information on Backup and Disaster Recovery from DB Computer Solutions, contact us:
firstname.lastname@example.org 061 480980