Ransomware isn’t really a problem, is it?

Even the news channels don’t make a big deal about cyberattacks these days. It’s happening all the time.

It’s incredible how many people don’t recognize that there is a war going on right now between hackers and organizations with any kind of IT hardware. 

And when I say hackers, I don’t mean teenagers working late into the night on their laptops. I’m talking about organized criminal hacking groups; I’m talking about nation-states attacking other nation-states; I’m talking about individuals who can access Ransomware as a Service (RaaS) modules to attack the company of their choice. 

It’s also quite easy for hackers who have accessed the computing platform of one company to access the servers of any organizations that supply that first company or buy from that first company if it has that kind of integration in place. These are mildly referred to as ‘supply chain breaches.’

Even the news channels don’t make a big deal about cyberattacks these days. It’s happening all the time.

Vulnerable Points

The other issue is that it’s not just an IT problem. Yes, of course, it is a major issue for IT departments. Unfortunately for them, these days, they don’t know all the applications used by their organization’s employees. 

With the growth in cloud software and people working from home, organizations are seeing an increase in shadow IT—small apps that people use to make their jobs easier that are unknown to the IT team and are, therefore, not as secure as the software the IT team knows about.

There’s also an issue with Internet of Things (IoT) devices used in organizations. They are notoriously insecure, with many devices still using their default password. Hackers can access those devices, the corporate network, and the mainframe.

All staff need to be trained on the issue of ransomware and data breaches. After all, the staff will be impacted when the IT infrastructure goes down, and they can’t do their job until the business continuity plan can be put into operation. It’s ordinary employees who will click on phishing emails without thinking, open attachments containing malware, or click on links that take them to websites that automatically cause them to download some kind of malware. And so the attack on your mainframe begins.

A Heavy Mantle

Importantly, the Chief Financial Officer (CFO) will be responsible for releasing the funds to pay the ransom and will be called to account by the senior staff when customers whose personal data has been stolen need compensation. 

The CFO will be responsible for paying fines because their organization wasn’t compliant with the regulations that apply to their industry. The CFO will also have to explain how much company money has been spent on lawyers trying to defend a raft of litigation that can follow a data breach. 

CFOs must play a significant role in ensuring that their organization is compliant and that all possible defences are in place.

Behind the Curtain

So, how bad is a data breach? How much do bad actors demand in ransom? How much will an organization lose in terms of customers? And how long does it take to discover that your organization is under attack?

The IBM Cost of a Data Breach Report 2024 can give us some answers.

Breach Costs

Many people think that the cost of a data breach isn’t much. Yet the report reveals staggering numbers:

• The global average cost of a data breach in 2024 was US$4.88m, a 10% increase over the previous year. 
• The USA had the highest average cost, at US$9.36m.
• Healthcare is still the costliest in terms of a data breach at US$9.77m. 
• The financial sector is the second most costly at US$6.08m. 
• The Industrial averages a cost of US$5.56m per attack.

In addition to quantifiable financial losses, costs from lost business and post-breach response rose nearly 11% over the previous year, contributing to the significant rise in overall breach costs. 

Lost business costs include revenue loss due to system downtime, lost customers, and reputation damage. Post-breach costs can include the expense of setting up call centres and credit monitoring services for impacted customers and paying regulatory fines.

Identify and Contain Breaches

You might think that if you’re being hacked, you’ll know about it immediately, or indeed, early the following morning at least. Is that true?

The average time to identify and contain a breach was 258 days.

The report found that the average time to identify and contain a breach was 258 days. The average mean time to identify (MTTI) an attack was 194 days, and the mean time to contain (MTTC) an attack was 64 days. 

However, breaches involving stolen or compromised credentials took the longest to identify and contain any attack vector: 292 days. Similar attacks that involved taking advantage of employees and employee access also took a long time to resolve. For example, phishing attacks lasted an average of 261 days, while social engineering attacks took 257 days.

Some suggest that mainframes are exempt from hacking and are cavalier about gaining access. However, how-to videos and guides indicate that a person with skills can hack a mainframe in five to thirty minutes. Your company wouldn’t even know for almost a year.

Take Action

The report should act as a wake-up call to all organizations and all sites that are not absolutely up to date with their defences. An immediate, responsible response should include every division of each organization, confirming 100% compliance with all the regulations that affect their industry. 

Businesses also need to follow the recommendations of organizations such as NIST, the US-based National Institute of Standards and Technology. Consider sending employees to mainframe penetration testing classes and preparing a breach response team. The US Federal Trade Commission also offers businesses a data breach response guide.

Everyone in an organization, starting with the C-suite, must recognize and stay alert to data breaches and ransomware as serious, expensive, and long-lasting problems.