No organisation — from small businesses to enterprises — is immune to the risks posed by ransomware and other malware threats. These attacks can cripple operations and result in costly downtime for any business, regardless of size.
With cybercriminals constantly evolving their tactics, it is crucial for all businesses to proactively strengthen their security posture, which includes ransomware protection. Ransomware and extortion incidents surged by 67% in 2023, according to a threat intelligence report, emphasizing the urgency for organizations to strengthen cybersecurity.
“Ransomware attacks are posing severe risks to businesses across all industries and sizes,” said Andrius Buinovskis, head of product at NordLayer. “Cybercriminals are demanding ransoms and exploiting sophisticated tactics to infiltrate and cripple organizations. Businesses should stay ahead of these threats by implementing security solutions and adopting a proactive stance against ransomware.”
Businesses keep paying the ransom
According to a report, the average ransom payment has skyrocketed by 500% in the last year, with 63% of ransom demands amounting to $1 million or more, and 30% exceeding $5 million. These ransom demands suggest that ransomware operators are seeking massive payoffs, putting financial strain on businesses.
Furthermore, another study found that despite the disruption of two major players, the number of active ransomware groups more than doubled year-on-year, increasing by 55% from Q1 2023 to Q1 2024. The emergence of new ransomware threats calls for businesses to stay vigilant and adapt their security strategies.
What’s even worse, 94% of surveyed respondents stated their company would pay a ransom to recover data and restore business processes, with 67% indicating a willingness to pay over $3 million, and 35% stating they would pay over $5 million. Paying ransoms is becoming a cost of doing business for many organisations, further encouraging cybercriminal activity.
Mid-sized companies appear to be particularly vulnerable, with 65% having been ransomware victims over the past 12 months. Businesses of all sizes should prioritize cybersecurity measures and implement ransomware protection strategies.
Cybersecurity expert shares how to protect your business
Andrius Buinovskis recommends limiting employee access to data and information, granting privileges only to those who need them for their work. This principle of “least privilege” can minimize the extent of a ransomware attack. Software installation and execution abilities on your network devices should also be restricted, because doing so minimizes the network’s vulnerability to malware.
“Employees are often the weakest link in cybersecurity and the first line of defense against cyber threats,” said Buinovskis. “Educating them about warning signs, safe practices, and response strategies is crucial for preventing malware intrusion. Conduct regular training sessions to raise awareness about phishing scams, a common entry point for ransomware.”
In addition, the head of product at NordLayer suggests regularly backing up data and ensuring these backups are not connected to the main network. Offsite or cloud-based backups can be effective since they shouldn’t be affected during a breach of the main network. In the event of an attack, businesses can restore data without paying a ransom.
Lastly, Buinovskis advises keeping operating systems, software, and applications updated. Cybercriminals exploit vulnerabilities in outdated software. Implement a patch management strategy to ensure timely updates. Additionally, consider implementing methods for regular scans to help maintain system efficiency.