Ransomware: Once you’ve been hit your business is never the same again
Getting hit with a ransomware attack damages an organisation in many ways – from stopping it being able to fully operate for weeks, to angry customers and potential reputational damage. But a ransomware attack also has a human cost, affecting the confidence of IT and information security teams and potentially for a long time after the initial attack.
A new research paper by cybersecurity company Sophos says the extent of this confidence hit is so significant that the culture at these companies is never the same again. That’s perhaps not surprising as there area some suggestions suffering a major attack can make your organisation more likely to be hit again because criminals will identify it as an company that could be easy target.
According to the survey, nearly three times as many IT and information security staff in organisations which have been hit by a ransomware attack feel as if their organisation is ‘significantly behind’ when it comes to facing cyber threats, compared with those in organisations which haven’t suffered a ransomware attack.
That lack of confidence also extends to business leadership, where management of a company hit by ransomware will also perceive the company to be significantly behind on cyber threats, compared with companies which haven’t.
More than one third of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19% of those who hadn’t been hit.
Being hit with a ransomware attack also appears to have an impact on re-skilling and training employees, with the results of the survey suggesting that organisations which have fallen victim to a ransomware attack are more likely to implement ‘human-led’ threat hunting on their networks over those which haven’t been hit.
The idea is that by having human eyes on the network, it could be easier to spot unusual activity which could be the hallmark of an incoming cyber attack.
This could prove to be important for organisations which have fallen victim to ransomware attacks which could also find themselves more vulnerable to additional cyber threats following an incident.
The report suggests that almost a third of organisations hit with ransomware have five or more third-party suppliers directly connected to their network.
Third-party suppliers have become a significant entry point for cyber attackers, so by having defenders monitor the supply chain, it could go a long way to preventing ransomware and other kinds of cyber attacks. Unfortunately, it seems that in some circumstances, falling victim to a ransomware attack is what’s required to shift attitudes to security.
“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall,” said Chester Wisniewski, principal research scientist at Sophos.
“However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent,” he added.
However, despite the number of organisations which have fallen victim to cyber attacks, the report concludes that it’s “encouraging” how information security teams are evolving, especially when it comes to reacting to ever-evolving threats.
READ MORE ON CYBERSECURITY