Ransomware: Once you've been hit your business is never the same again

In addition to financial costs and reputational damage, a ransomware attack can also lower the confidence of your information security team.
Written by Danny Palmer, Senior Writer

Getting hit with a ransomware attack damages an organisation in many ways – from preventing it from operating fully for weeks, to angry customers and potential reputational damage. But a ransomware attack also has a human cost, affecting the confidence of IT and information security teams – and potentially for a long time after the initial attack.

A new research paper by cybersecurity company Sophos says the extent of this confidence hit is so significant that the culture at these companies is never the same again. That's perhaps not surprising, as there are some suggestions that suffering a major attack can make an organisation more likely to be hit again, because criminals will identify it as a company that could be an easy target.

According to the survey, nearly three times as many IT and information security staff in organisations that have been hit by a ransomware attack feel as if their organisation is 'significantly behind' when it comes to facing cyber threats, compared with those in organisations that haven't suffered a ransomware attack.


That lack of confidence also extends to business leadership, where management of a company hit by ransomware will also perceive the company to be significantly behind on cyber threats, compared with companies that haven't.

More than one third of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19% of those that hadn't been hit.

Being hit with a ransomware attack also appears to have an impact on re-skilling and training employees: the survey results suggest that organisations that have fallen victim to a ransomware attack are more likely to implement 'human-led' threat-hunting on their networks than those that haven't been hit.

The idea is that having human eyes on the network makes it easier to spot the unusual activity that can be the hallmark of an incoming cyberattack.

This could prove important for organisations that have fallen victim to ransomware, since they may also find themselves more vulnerable to additional cyber threats following an incident.

The report suggests that almost a third of organisations hit with ransomware have five or more third-party suppliers directly connected to their network.

Third-party suppliers have become a significant entry point for cyber attackers, so having defenders monitor the supply chain could go a long way towards preventing ransomware and other kinds of cyberattacks. Unfortunately, it seems that in some circumstances, falling victim to a ransomware attack is what's required to shift attitudes to security.


"The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall," said Chester Wisniewski, principal research scientist at Sophos.

"However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent," he added.

However, despite the number of organisations that have fallen victim to cyberattacks, the report concludes that it's "encouraging" how information security teams are evolving, especially in how they react to ever-changing threats.
