In today’s cyberthreat landscape, 30% of customers that are attacked by a cybercriminal are targeted a second time.
The attackers can – and will – come back. And depending on the vertical industry, the potential losses are severe.
Once hit by a ransomware attack, banks need to have their ATM machines back up-and-running in 30 minutes, or risk losing the goodwill of hundreds, if not thousands, of customers.
These ransomware attacks do happen – and they have consequences.
In one of the worst financial attacks on record, the LockBit ransomware group in November 2023 attacked the Industrial and Commercial Bank of China (ICBC), disrupting trading in its $26 billion treasury market. According to Reuters, the blackout at ICBC's U.S. broker-dealer left it temporarily owing BNY Mellon BK.N $9 billion, an amount many times larger than its net capital.
Another impactful case was the February 2024 Change Healthcare incident, which disrupted payment systems for hospitals and medical facilities nationwide. Keep in mind that United Healthcare estimates that the Change Healthcare incident cost the company nearly $3 billion. The case affected 190 million Americans and caused great reputational damage in that UnitedHealth Group CEO Andrew Witty spent hours testifying before a hostile Congress last May.
While IBM estimates the average cost of a ransomware attack runs about about $4.88 million, such a loss can bankrupt most mid-sized businesses.
Why Backups are Essential Today
Thomas Alonso, director of cyber threat intelligence at Hitachi Vantara, said that many of the customers he works with don’t have a strong incident response (IR) plan for a cyberattack.
Working closely with MSPs, Alonoso tells customers that any good IR plan starts with a solid backup system. These systems have to offer immutability, encryption, and have strong replication.
Hitachi Vantara also promotes a 3-2-1-1 strategy that entails the customer creating three copies of their data, storing them on two different media types, keeping one copy offsite, and ensuring that at least one copy is immutable (unalterable to protect against ransomware threats.
“So if there’s attack, under this setup, the customer will recover their data,” said Alonso.
Along with a backup plan, customers also need to designate people who will be trained to negotiate with the ransomware threat actors. These people need to learn strategies for dealing with the threat actors, for example, telling them they are an intern and will work as an intermediary for a top executive.
“They also need to learn how much they should pay,” said Alonso. “Companies need a team with experience with those type of situations.”
Hitachi Vantara teams up with the MSPs in its channel to offer the backup their customers need, as well as the consulting and training services that can help companies more effectively navigate a cyber incident.
Want to Learn More?
Watch the Dark Reading webinar "Elevate Your Cyber Defense: Real-World Strategies."
Image credit: Getty Images