IT World Canada

Ransomware: strategies to reduce the risk of data loss and downtime

Graphic to illustrate ransomware

Image by Tomas Nevesely via GettyImages.ca

Ransomware continues to be lucrative for criminals in 2022, with attacks growing in sophistication, and targeting both businesses and individuals. Businesses know the risks and the need for protection, but as we experience what the European Union Agency for Cybersecurity (ENISA) calls “the golden era of ransomware,” it’s important to understand how these attacks are evolving, and what can be done to prevent, address, and recover from them. 

Ransomware, which encrypts and denies access to critical data while demanding that a ransom be paid for access to be restored, affects many Canadians. According to Angus Reid, critical Canadian infrastructure was the target of more than 100 ransomware attacks in 2021, and 30 per cent of Canadians said they have been indirectly affected in situations where their data was held by a third party that was attacked, with one in 10 saying their personal accounts have been affected. The Canadian Internet Registration Authority found that 69 per cent of organizations targeted by ransomware paid the ransom. Globally, the average ransom paid appears to be about C$200,000.

But the ransom is only part of the cost of these attacks. The cost of recovery for organizations and individuals has jumped from less than C$1 million in 2020 to C$2.3 million in 2021, according to the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security. The CSE suggests the stability of ransom payment amounts could be due to criminals tailoring their demands to what victims will pay. Around the world, ransomware attacks grew by 151 per cent in 2021.

The new threat landscape

Cybercrime is no longer a lone wolf practice; it is a sophisticated form of digital organized crime. Attackers know the value of sensitive data and how to leverage it in their extortion. Indeed, the ransom might not be the only goal for some criminals: stolen data itself has its own value, and can be used and sold whether or not ransom is paid. 

New forms of cybercrime continue to emerge, keeping pace with technological advances and new tools. These include ransomware that can intelligently mine for security loopholes and exploit them.

While organizations differ, internal conditions often increase risk. Fragmented productivity tools, separate applications in different facilities, and disparate storage properties can all increase the number of targets available to an attacker.

Without sufficient protection, ransomware targets have almost no room to manoeuvre, often finding themselves cornered into dispensing high payouts, or managing downtime and its cost to the business. 

Safety and recovery

Mitigating the blast radius of a ransomware attack requires addressing three areas: securing and protecting data, detecting threats early, and enabling the rapid restoration of data following an attack. Such a multi-faceted approach can reduce the risk of data loss and downtime. Here are some things to keep in mind for each area:

Not every ransomware attack will be prevented, but with a strategy in place to protect, detect and recover, costs and disruptions can be reduced. With so many incentives for attackers to pursue the development of ransomware, it’s vital to counter it with every available means.
