By Holly Ridgeway | Citizens Chief Security Officer
Ransomware attacks are a growing threat to middle-market companies. High-profile attacks are now a weekly or even daily news event, reflecting how prevalent – and costly – these attacks have become for organizations. What’s more, ransom values are steadily climbing as the attacks become more sophisticated. The average reported ransom was below $100,000 at the end of 2019, but spiked above $200,000 as of early 2021, according to incident response firm Coveware. Meanwhile, the total cost to businesses is even higher as they incur losses from halted operations, the steep expense of securing a network after an attack, and business lost due to reputational damage.
Ransomware is a form of malware (malicious software) used by hackers to extort money from companies, government entities, and other organizations. Typically, the malware enters an organization’s network, encrypts data in the network to render it unusable, then holds the encrypted data for ransom. According to Coveware, about 75% of recent attacks included data exfiltration, in which hackers steal data and then threaten to publish or erase it to bolster ransom negotiations.
Middle-market businesses are, unfortunately, a desirable target for ransomware. Their operations generate valuable data and depend on IT networks, and they have the resources to pay more sizeable ransoms than small businesses. However, they may lack the robust security that much larger companies deploy. While middle-market firms of all sizes have reported increasing cyberattacks in recent years, the trend is hitting larger middle-market companies hardest. In the last year, 31% of firms with revenue of $50M to $1B reported a ransomware attack, compared to 13% of firms in the $10M to $50M market, according to a 2021 report from consulting firm RSM.
Ransomware attacks come in two varieties. The first is sometimes referred to as “big game hunting.” In this approach, hackers gain entry to a network and spend time quietly exploring and mapping it from within to identify the most sensitive or valuable data. This quiet mapping time, known as dwell time, can last for days or weeks. These attacks can be devastating in scope, shutting down operations completely—even disabling data backups. Accordingly, these attacks generate the highest ransoms. The Colonial Pipeline attack of 2021 was one of many such examples.
The second type of ransomware attack is more limited but can still be crippling for organizations. In these cases, hackers aim to seize or freeze data as soon as they enter a network, hoping to capture something sensitive in the process.
Ransomware attacks are impossible to halt completely, but organizations have a chance to fend them off by instituting a defense strategy with multiple layers, like an onion. The key idea behind prevention is to make entry sufficiently difficult for hackers so that they will give up and move on to easier targets. Most of the defense layers are more about technological “hygiene” than they are about cutting-edge, high-cost technology. Here are a few ways that middle-market companies can start to bolster their networks against ransomware:
When a network is attacked, an organization’s response will have a significant impact on the outcome. A swift and decisive response can limit the attack, while a slow or ineffective response could result in widespread business disruption, significant financial losses, and costly reputational damage. Here are a few ways that organizations can prepare to respond:
The threat of ransomware is a critical issue for middle-market companies today. Hackers have identified mid-sized organizations as an especially profitable target. With more valuable data and more ransom-paying ability than small businesses, but less network protection than the largest companies, such organizations can be ideal victims. Meanwhile, the consequences of committing a cybercrime remain limited. Most middle-market executives expect cyberattacks to continue escalating in the near term, according to RSM.
Fortunately, it is possible and cost-effective to establish prevention and response practices that guard against attacks and limit the damage when they do occur. As with any defense, strategy matters. Most of the strategic tools that are available to organizations, like password management and employee training, are more an issue of good “hygiene” than of cutting-edge, high-cost technology.