Until recently “ransomware” was largely considered a buzzword, a distant threat — something you read about, thought about, and then forgot about. Unfortunately, those carefree days are gone. Canadian businesses are falling prey to ransomware attacks at an unprecedented rate, and the costs are beginning to mount up.
According to Statistics Canada, cyber extortion cases, including ransomware attacks, rose by 170 per cent between 2012 and 2018. Bad actors of all levels of sophistication are working to increase the scale of their activities, with an eye to stealing large quantities of valuable data. Cybercrime Magazine recently predicted that worldwide ransomware damage would cross the six-trillion-dollar threshold by 2021. They view ransomware as one of the fastest-growing cybersecurity threats.
Tallying up the real cost
What does ransomware do? It distracts IT, and the organizations they power, from pursuing revenue-generating, future-facing projects — R&D, streamlining sales and distribution, perhaps the deeper use of AI in analytics. But there is also the immediate impact of ransomware, which is that it paralyzes a company. And that paralysis can have a huge impact on an organization’s reputation and finances.
A recent report by a US-based anti-malware software company estimated that ransom demands in Canada totalled between US$65 million and almost US $260 million in 2019 alone. Factoring in costs associated with downtime, the total financial impact of these attacks was between US $440.1 million and US $1.76 billion (equivalent to roughly $2.3 billion Canadian).
Using the pandemic
Since the emergence of the pandemic this past spring, companies have focused on enabling and empowering their suddenly remote workforce. This great shift to a “new normal” has by necessity forced businesses to increase their time and resources spend on collaboration tools that will allow staff to continue to perform at a high level. In all this noise and change, security has in many companies been put on the back-burner, or at least not given half the attention it demands.
The problem is cyber-criminals don’t take a day or a week or a month off. Certainly they’re not shifting on to other kinds of work during a pandemic. Far from it. This unprecedented shift to work-from-home has given hackers a golden opportunity to realize obscene profits. As company networks have been turned inside out, bad actors have set their sights on remote workers, who pre-pandemic were basically safe inside the network perimeter “walls.”
SMBs particularly vulnerable
Although ransomware threats are a concern to every business, small and midsized businesses (SMBs) are especially vulnerable. The numbers tell a frightening tale:
- Overconfidence: A majority of SMBs believe their companies are “too small” to be hacked
- Indecisiveness: Sixty-five per cent of SMBs have failed to act following a security incident
- Ill-preparedness: A majority of SMBs don’t have a plan in place to effectively deal with a cyber-attack
With many SMBs, resources are a factor — they simply don’t have the necessary “people power” or budget to put toward preventing ransomware attacks and/or dealing with the fallout of a successful attack. To fight the threat effectively, all businesses (but SMBs in particular) need a comprehensive solution that is clean, straightforward, and of course doesn’t come with an obscene price tag attached.
A right-sized solution for SMBs
Even with limited budgets, Fortinet’s modular approach to security with right-sized solutions for varying use-cases ensure SMBs are maximizing their ability to protect themselves across a variety of threat vectors. Solutions can be implemented in minutes, and advanced threat-intelligence sharing across the fabric reduces overall maintenance and administration.