As of August 2023, cyber attack was occurring every 26 seconds globally. According to the FBI and Interpol, approximately 33 billion accounts will be breached by the end of 2023. That’s about 97 cybercrime victims being created each and every hour!

In Canada, the number is closer to one a minute – but that’s still an unfortunately and unacceptably high figure!

This also means there have been double-digit increases in success criminal network breaches this year.

Unfortunately, there have been corresponding increases in the cost of these crimes. In 2022, the figure was $6 trillion, and experts estimate the figure will rise to $10.5 trillion by 2025. That’s a 175% increase within two years.

Ransomware and Remediation Both Hit the Bottom Line. Hard.

Although the ransomware fee – if it is paid by the company – represents an interesting sum, the majority of the costs companies face when victims of a successful cyber infiltration, fall into four categories.

1. Ransomware Payouts

2. Investigation and Remediation

3. Business Interruption

4. Brand Reputation – and even Business Implosion

Ransomware Payouts

On average, the ransom was paid out by 44% of Canadian firms last year, and of those, nearly 95% were able to fully restore their data – though some had trouble getting everything up and running smoothly.

The average payout amount was $140,000, or about 16% of the total remediation costs, with recovery and restore being only part of the additional expenses.  Obviously, there were some small payouts, but there were some very large ones, too.  It should be noted that the insurance companies did not pay the ransomware in all cases.

Investigation and Remediation

About 40% of the total cost associated with a breach is for identifying the problem, resolving it and then preparing to get the company back up and running.

Reducing Remediation Costs

Here are things you can do:

• Have a solid breach preparedness plan. It should be developed in tandem with all departments within the organisation. You can download a list of elements to include here .

Your plan needs to be shared with department heads, and regular reviews and practice drills should be held. It’s also important to print and post the steps to take in the event that you get hacked. After all, the plan will do you no good if locked on the server.

• Backup data operating systems along with all special configurations, as well as keeping a record of which users, and devices, have access to what programs. In terms the backup, it is advisable to have this as an automated process by using a program such as the one from VEEAM.

Cautionary note:  You must ensure that the back-up system you choose does not synch automatically back to your network, or you risk re-infecting your network if you saved a file containing malware. This is especially problematic if the virus laid low for a long time before deploying.

Your needs to be backed up in three locations – one of which can be the cloud.

• Ensure your data is backed up in two locations that are not on premises – and that each of these is located in different geographic areas.

• If your organisation is small enough, also back up your data, operating systems and keys to an external hard drive. You can get them with 22 TB of capacity or more – and solid state is best.  I have two.  One that I keep where I work and the other at home.

• Engage the services of a third-party Disaster Recovery firm. If you are going to manage this yourself, remember there is a big difference between backing up your data and being able to restore everything to pre-attack operating status. If you’re doing this internally, it’s advisable that you routinely practice restoring your systems and data, right from bare metal, in the event of a total system collapse.

• Work with a DraaS firm. It’s far better to engage the company before you need its services, but this truly is a case of “Better late than never”. It is helpful to have someone who knows exacty what to do, with the experience and current knowledge of the nastiest malware out there – especially since your team will be contending with other matters. The ones we work with can all be working to set things right within 30 minutes or less.

• Deploy software, such as Cisco’s Secure Network Analytics will give you visibility and secure intelligence across the entire organisation before, during and after attack. Continuously monitor your network to provide real-time threat detection incident response forensics. It also helps with ongoing threat hunting which is an important part of maintaining your network security.

Business Interruption

Every moment a company is unable to serve its clients, manufacture items or delivered much needed services, it cost the company money. In the event of critical services such as hospitals and infrastructure, the toll can be life-and-death, literally.

Brand Reputation – and even Business Implosion

Loss to brand reputation can take the biggest toll on an organisation.  This is especially true if customers take to social media to complain about your downtime or clients’ personal information is leaked onto the dark web.

If you are as well known and trusted, you might recover from the attack, just as LinkedIn did after the August 2023 breach. If not, you may not survive. Approximately 20% don’t.

Worse, is something that people don’t discuss as often, but represents an increasing component of the costs associated with cybercrime. It is the theft of corporate strategies and intellectual property.

There is a disturbing amount of corporate information available for sale on the dark web.

AvosLocker is a company that has been offering Ransomware-as-a -Service to criminals since 2021, and is known for targeting critical infrastructure, government and other public facilities, financial services and manufacturing in Canada and the US, Europe, including countries such as Belgium, Germany, Spain and the UK, as well as countries like Taiwan, Turkey Syria, Saudi Arabia and others. It often has corporate property data available for sale.

As do other access brokers.

Proprietary processes, patent formulas, client list and more.  All can be had for a price. And a relatively low price, at that.

It’s estimated at least two companies globally are forced out of business each and every month, because their proprietary information has been stolen.  Competitors, sometimes new companies that form for the sole purpose of taking over an established business, have managed to procure everything needed to make the product(s).  They also “steal” the original company’s customers, and capture a larger market share, with a lower-priced, yet seemingly comparable product offering. And, sadly, this figure is escalating.

Corporate espionage is often behind attacks, especially nation-state ones, but in over 90% of corporate breaches, employee and client personal data is also stolen.

Preparation and planning can help protect your people and profits.  To learn more, please contact us at [email protected] or call us at 416.429.0796 or 1.877.238.9944 (toll free).