
The REAL cost of a Ransomware Attack

So, what is ransomware?


"Ransomware is malware that employs encryption to hold a victim's information at ransom. A user or organisation's critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access." McAfee


Attackers are now doubling down on this by stealing your business data before alerting you. Then, even if you can recover from backups, they can still extort a ransom not to release your organisational and private data to the public.


Ok, so your data is now being held for a financial ransom. What a difficult situation, but it doesn't end there... what are the other implications of this hostile attack?


Aside from the financial ransom demand and the inconvenience of losing your client and business data, and potentially having it made public, other elements that elevate the cost of the attack include:


💰 Operational downtime - often 2 days & the long tail to full recovery

💰 Penalties for unmet contractual obligations for existing clients

💰 Fines for non-compliance

💰 Angry customers leaving your business - loss of trust

💰 Damage to brand image

💰 Lost sales opportunities due to diminished trust

💰 The huge expense of attack incident response & data recovery



And the final cost here takes us full circle to the cost of implementing the security controls, policies and procedures, and allocating a sufficient security budget, which could have prevented the attack in the first place. Having these in place will greatly reduce the risk and impact of such an attack recurring.


A sobering read, wouldn't you agree?


Prevention takes time, planning and effort, but it is so much easier and more cost-effective than mopping up the after-effects.




