WannaCry, the Aftermath
This May’s WannaCry wave of ransomware touched another nerve across the professional world, worrying more IT personnel than ever before about the effect ransomware might have on the organizations they serve. Hitting hard and at scale, with victims ranging from private individuals to the NHS, Telefonica, Deutsche Bahn and more, WannaCry caused fear among many and spiked interest in ransomware, much like the interest in cybersecurity that followed 2016’s DNC hacks.
Part of the fear of WannaCry was due to the dollar cost to organizations being so much higher than the ransoms WannaCry’s perpetrators actually received. According to available records the attackers made out with about $70,000 USD (and not more than $200,000). While companies haven’t released how much they’ve spent fixing problems caused by the attacks, the consultant fees, overtime, IT upgrades, and PR resources spent trying to restore confidence among clients and citizens certainly exceeded the $300 – $600 per encrypted device that could have been paid out for many organizations. The further costs of addressing cybersecurity challenges only impose more of a burden on these businesses going forward, though not as much as the costs of not addressing those same challenges.
While attackers haven’t made all that much from it, the cybersecurity industry got a huge boost from the attention WannaCry received. For example, Mimecast had a nearly 40% spike in its stock price in the month and a half following the attacks.
So, What Happens Next?
This requires us to ask: “What’s happened since?”. There’s certainly a trend brewing here – a major security breach or news story comes out and a sudden surge of interest in protection follows. It makes sense, but it proves that many are unaware of threats that have long been in existence and continue to grow.
This is a challenging paradox to those in the industry. Email security is, or should be by nature, preventative. It only works if you buy it before you have any issues. It’s ideally a “set-it-and-forget-it” kind of product, where an IT team or consultant makes sure that the appropriate software is up to date while their security provider constantly monitors threats and ensures they stay out of a given network. Like any insurance, you get it before something goes wrong, except in this case, an effective cybersecurity solution will minimize the possibility of things going wrong to begin with – imagine car insurance that keeps you from getting into accidents.
When you are shopping for insurance, you compare the cost of the big hit and determine if the relatively small monthly payments justify the potential downside. The WannaCry ransomware required $300 to $600 in Bitcoin. That’s the straightforward cost and – perhaps as one FBI agent seemed to hint at – paying it is the simpler, cheaper way to get on with your life. (It is worth noting that the FBI has since said that paying not only encourages ransomware attacks, but also doesn’t guarantee the attackers will be honest and unlock your files. They suggest a prevention and continuity plan as better priorities.)
The Other Costs: Much Higher Than the Ransomware Itself
But there are so many other costs to consider. The NHS has suffered dramatically in the wake of WannaCry – and its response surely involved dozens of big meetings with top-level management, IT consultants, and admins. For years they will be the case study for complacent IT, struggling to restore their image, all while taking on the costs of updating their systems to prevent further attacks. With recent testimony on the devastating impact WannaCry had on the NHS, there may also be a glimmer of hope that the healthcare industry will focus on “fit-for-purpose” IT solutions that are adequately protected, and not simply legacy systems that don’t keep up with today’s modern requirements, as well as modern threats.
These costs exist even though the same cybersecurity plan that protects against ransomware will often protect against BEC, spam, zero-day exploits and more. There’s also regulatory compliance, loss of productivity, domain reputation and other valuable assets to consider in evaluating how much an organization can benefit from cybersecurity solutions.
Are You Prepared For the Next One?
There will be another large-scale attack sooner rather than later. The frequency of attacks is increasing, costing companies worldwide more and more.
So, get ahead of the next wave. Petya struck just a month after WannaCry. There are many easy-to-implement solutions for your business. Take advantage of them and, just as an insurance company might say, “Insure your future…today!”.