Friday, May 12, we began hearing reports of a massive ransomware attack sweeping dozens of countries with individual attacks in the tens of thousands. Investigations are getting underway and much more will be learned and disclosed; but already there’s an ominous thought emerging from this threat: are ransomware attacks becoming a normal risk of doing business?
Ransomware is now organized. Institutionalized. Perhaps even state sponsored. And for security and IT professionals this means it has become a prevalent and sustained risk and cost to the security of the business.
In the retail industry, there’s a parallel idea called shrinkage, and it costs retailers an average of 1.5% of sales per year – which translates into annual losses in the tens of billions of dollars. It’s theft: employee pilfering and shoplifting. The irony is, shrinkage is considered official accounting terminology; it’s a cost of doing business that’s built into retail financial models.
Are we headed towards the day when ransomware, too, will be normalized for the enterprise? As your corporate finance department prepares and distributes budgets to department heads, will they begin to include line item allocations for ransomware costs?
That may be. But even with preparation and accounting for the cost of paying out for a ransomware attack, the disruption and potential paralysis of business as usual is huge. We can be certain that the pressure on security and IT professionals to put new and more aggressive protections in place will increase. But tougher security measures can carry their own cost and risk: the loss of worker productivity as new security-related requirements are implemented. Controls could increase. Access to data and systems may be curbed, forcing workers to reach out to IT for a growing number of exceptional access grants. A “lock down” mentality opens a whole new host of challenges, and still doesn’t offer guaranteed protection from the next wave of ransomware attacks.
RES recommends looking at technology that actively protects the business from security threats, but in a dynamic way. Different contexts call for varying levels of security. Infected files and executables disguised as safe apps and data need to be detected and blocked, while users are offered friendly alternatives so productivity doesn’t take a hit. Protect yourself and your organization from potential ransomware “shrinkage.” Check out some of our recent content about RES security capabilities that can prevent ransomware attacks in your organization:
- More context leads to better blacklisting (VIDEO BLOG)
- Whitelisting made easy: one hash, two hash, three hash
- Security: 7 ways we can help you
- Identity management – without context – is incomplete