
Ransomware attacks are becoming more common, more effective and more costly—despite advancing defences. Here’s what you need to know to prepare your business for a successful attack.
Ransomware attacks may not be new, but they’re a growing concern for organizations. 10 to 15 years ago, ransomware was merely a nuisance. Successful attacks may have locked targets out of their systems or encrypted their data, but rarely had additional repercussions.
But as defences against ransomware evolved, so too did the attacks.
Over the last couple of years in particular, ransomware has been seen as a technical problem that could be solved by investments in cybersecurity tools and technologies. Yet ransomware keeps evolving and attackers keep coming up with new ways to bypass the defences organizations have put in place.
Today, ransomware attacks are more sophisticated and severe than ever before, and the ransom amounts are significantly higher. According to Canadian insights from PwC’s Global Digital Trust Insights survey, 39% of respondents expect a rise in ransomware attacks in 2023. Yet the vast majority of organizations aren’t adequately prepared to recover from a successful attack.
Preparing for a ransomware-ready future is possible, but it may require organizations to reimagine ransomware risks from a business perspective—not just a technical one. Here are five things you need to know about ransomware to prepare your company for a successful attack.
Financial motivation is at the heart of every ransomware attack. Unfortunately, most attacks are quite successful. Putting strong technical defences in place to prevent ransomware is critical, but it is no longer enough to protect your organization from a successful attack.
Attackers have proven time and again that they can and will find a way around your security safeguards. The only guaranteed way to put an end to ransomware would be for every single target organization to stop paying up. Although ideal, this scenario simply isn’t realistic.
There is, however, a better path forward—one that encompasses both protection and preparedness. Thinking about ransomware as a technology-driven financial crime, as opposed to strictly a cybercrime, may help your organization reimagine ransomware risks more holistically.
Whether to pay or not to pay a ransom is a decision most organizations aren’t prepared to make. From a moral standpoint (and from the viewpoint of the authorities), you simply shouldn’t pay. But the business reality of this decision is often very different—especially when it’s a matter of life and death, such as when critical infrastructure is at stake.
Adding insult to injury, there’s often a tight timeline to make a decision around payment. Most threat actors give organizations a mere 72 hours to make a decision. But even after three days, most organizations still don’t have sufficient information around exactly what’s happened and what the repercussions are to confidently make a decision.
This lack of time is purposeful—ransomware actors know that 72 hours isn’t enough time to really understand the risks associated with the attack. But what if you had more time? What if you posed this question today, rather than waiting for a ransomware actor to force you to answer it in 72 hours flat?
We live in a time when cyberattacks are plentiful and, for some organizations, constant. Many mature organizations understand how to deal with a ransomware attack from a technical perspective and know the systems they need to have in place to recover and rebuild. But ransomware is no longer strictly a technical attack.
There’s an increasingly urgent need for organizations to make decisions about ransomware risks from a non-technical standpoint. The technical perspective will never stop being important. But most organizations haven’t given the broader risks enough consideration. And it’s those risks that can most impact an organization moving forward.
Today, most of the decisions around responding to ransomware are business decisions. How your organization responds will depend on multiple factors. But ultimately, it comes down to preparedness.
Waiting until a successful ransomware attack to plan your response is like waiting for an earthquake before creating a disaster recovery plan—it may be too late to undo the damage it caused. But even with the strongest technical defences in place, preventing ransomware attacks altogether is no longer realistic. Instead, organizations should assume they will, at some point, be the target of a successful ransomware attack and determine how such an attack might affect their business holistically.
Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada
Partner, National Cyber Forensics Investigations Leader, PwC Canada