A disaster recovery plan is always a good thing to have in the aftermath of a breach, hack, or general failure. However, for certain types of attacks, recovery after the fact can be a costly business, as an article on IT Pro Portal discusses. In the case of ransomware attacks, when data may not be recoverable without after-the-fact assistance from the hackers, that cost can range into the millions.
A recent report from Sophos, on the 2020 State of Ransomware, put the average cost of an attack, including ransom, downtime, lost opportunity, and other factors, at $732,520 for organizations that didn’t pay the hackers, and $1,448,458 for organizations that did.
With costs this high, it seems likely that many organizations could benefit from a focus on prevention, in the form of emphasizing good cyber hygiene, by training employees as to common methods of attacks, whether through phishing or by malicious downloads. Alternately, organizations can look to improve their Active Directory security, as multiple ransomware groups are known to be looking to exploit the weaknesses caused by the large number of credentials being used to access an equally large number of applications.
Source:
