The Aftermath of a Ransomware Attack – 5 Things You May Not Expect
BY Stew ParkinEverybody knows that when you get hit by ransomware a number of things are going to happen. You’re going to lose access to your data and potentially to your authentication domain, meaning a loss of access to applications and systems whether they’re on-premises, in the cloud or even SaaS. This leads to all the usual things – loss of revenue, downtime, a disruption to service levels – but what about the things you don’t hear about?
We’ve spoken to hundreds of businesses who’ve been hit by ransomware, and often we hear that they were not expecting, and therefore were not prepared for, what happened as a result. Here are the top five:
- Your data being seized by law enforcement. If you have to report a data breach to the authorities then your server room effectively becomes a crime scene. You may have immutable backups, XDR and a cyber recovery plan in place, but if your data is embargoed by law enforcement you cannot touch that data until they have concluded their investigations, potentially resulting in weeks, or even months, of downtime. In these scenarios, it’s critical to have off-site replication and a third-party recovery tool in place.
- Disruption to business operations. Taking retail as an example, POS systems will go down which means the business wouldn’t be able to refund money, exchange items or process the sale of items, which then has a knock-on effect on their stocking systems. The distribution centres and warehouses are run on computerised systems; the forklifts, the item collection mechanisms and the warehousing shelving are all automated, it’s all computer driven. You’d lose all of that. Unhappy customers as a result only serves to exacerbate the loss of revenue and reputational damage.
- Reputational damage. Once you’ve been hit by ransomware, it’s likely your customers will lose confidence that you can protect their data. A report by IBM and Forbes Insights found that 46% of businesses that experienced a cyber security breach suffered a major hit to their reputation and their brand’s value as a result.
- Fines. The fines that a business may face following a ransomware attack can vary depending on the specific laws and regulations in the country or region where the business operates. Additionally, the fines may be influenced by the severity of the attack, the sensitivity of the data involved, the scale of the breach, and the organisation’s response to the incident. Here are just some of the potential fines that a business could face:
- Data Protection Fines
- Industry-Specific Regulations
- Failure to Report
- Violations of Cybersecurity Laws
- Consumer Protection Fines
- Shareholder and Investor Litigation
- Employee churn. In the aftermath of a ransomware attack, the workload of the IT staff will inevitably increase as they try to recover lost data, implement new security measures, or catch up on the delayed tasks. Senior leadership may be questioning why systems weren’t in place to prevent this, and why they aren’t recovering everything more quickly and effectively. This additional pressure can lead to burnout and prompt employees to seek less stressful work environments, and in some instances – a different career path or industry altogether.
Ransomware attacks can also have major financial implications for a business, so if the attack leads to financial losses, pay cuts, or freezes on raises and bonuses, employees may feel undervalued and seek employment elsewhere.
So how do you prepare for an attack, and avoid all of the above?
The best way to prepare for this is to is to ensure that you have a recovery plan. Disaster recovery doesn’t equal cyber recovery, and the approaches to them are very different.
It’s important to remember that despite the differences between CR and DR, and the many special requirements of CR, they are not standalone solutions. Instead, they should both be part of a comprehensive recovery plan that includes incident response, backups, and disaster recovery.
You can download our free guide – 9 Key Differences Between Cyber Recovery and Disaster Recovery, here.