Hiring employees, complying with federal and state regulations, and paying interest on borrowed capital: These are the common expenses of running a company. In today’s economy, is ransomware also the cost of doing business? From the multi-million-dollar Colonial Pipeline debacle to the cyberattack on the world’s largest meat processor, it is clear that there are gaping holes inside the nation’s digital infrastructure. These problems are relegated not only to massive corporations. Companies – large and small – are enduring a barrage of ransomware attacks that are causing immense losses and public relations nightmares.
Is launching a ransomware contingency fund now a necessary component of entrepreneurship?
Ransomware: A Primer
Ransomware is a subcategory of malware that derives from cryptovirology. The perpetrators encrypt the files on the victim’s system and layer them with extensions to hold it hostage. The purpose behind this malicious attack is to either threaten to expose the target’s data publicly or continually restrict access to the information unless a ransom is paid. It is becoming increasingly common due to new techniques, poor security, and the ubiquity of malware kits. But how prevalent is ransomware anyway?
It is estimated that ransomware attacks occur every 11 seconds, compared to 40 seconds five years ago. Industry observers projected that cybercrime had cost the U.S. economy anywhere from $7.5 billion to as much as $20 billion. Over the next four years, organizations worldwide will be investing more than $1 trillion in cybersecurity apparatuses. However, at the same time, reports suggest that cybercrime will still cost the global economy $10.5 trillion by 2025.
For years, the top five sectors affected the most by ransomware have been health care, the legal sector, food production, education, and manufacturing. Due to its size and importance these days, market analysts prognosticate that the parcel and shipping sector could be the next primary target of ransomware.
Some of the most widespread examples of ransomware attacks include Ryuk, SamSam, WannaCry, and Petya. They were primarily spread through emails with malicious attachments and dangerous links.
While Colonial and JBS have dominated the headlines as of late, there have been many other ransomware cases that spotlight the severity of the matter. In December 2020, Habana Labs, an artificial intelligence processor, saw its sensitive data stolen and then leaked online. In the same month, Randstad, the world’s largest global staffing agency, announced that hackers published private information without demanding a ransom. Foxconn, the transnational electronics juggernaut, was targeted by attackers who requested more than 1,800 bitcoins worth approximately $34 million.
The list continues with Barnes & Noble, United Health Services, Brookfield Residential Properties, and Cognizant becoming ransomware victims in 2020. However, it is not only the private sector that has witnessed a barrage of cyberattacks. Governments, public post-secondary institutions, and non-profit organizations have reported issues in recent years.
While ransomware has derailed the public’s day-to-day lives, it has blossomed into a national security threat, with experts calling it an epidemic for the planet.
James Shank, chief architect for community services at threat-hunting-specialist Team Cymru, recently wrote in a report:
“It is no longer speculation that ransomware can impact our way of life. It can. Colonial Pipeline and JBS USA impacted US citizens’ behaviours and prompted fears of shortages that turned into actual shortages. To think of it as terrorism fits the effects and impact of real-world ransomware cases today.
“Seeing this increase in prioritisation and to hear of this coordinated response by the US government is wonderful! We need coordinated response both in terms of public-private partnership but also on the global stage. Ransomware is impacting lives beyond our borders and involves actors beyond our borders. We cannot handle this alone and we must collaborate with the world community to address this global threat.”
The Cost of Doing Business in 2021?
Will this be a cost that companies need to bear for the next couple of years? Until an international framework and technological solutions are presented and everyone begins to take ransomware seriously, businesses – large and small – will need to calculate the costs of either shielding their data or paying ransom to unscrupulous individuals and entities. Officials recommend against paying these venal actors, but this is easier said than done when livelihoods are at risk.
This is life in 2021 – and beyond.
Read more from Andrew Moran.