wasting budget

Can your business survive a $100,000 malware attack? (Kaspersky Lab)

Can you win a game if the rules are constantly changing? For companies struggling to keep up with security trends, managing such changes can feel like standard operating procedure. The landscape is constantly evolving, with threats becoming more complex at every turn.

Within the scope of these changes, however, a recent survey by Kaspersky Lab found that 49 percent of small to medium-sized companies consider cryptomalware one of the most serious threats they face. A single malware attack can cost up to $99,000 for such organizations, and 67 percent of those surveyed reported having experienced complete or partial data loss due to cryptomalware. It’s no wonder that organizations are noticing such threats and seeking to protect themselves.

One cyberattack could claim a midsized company’s annual security budget.

Cryptomalware, which includes attack protocols like CryptoLocker and other ransomware instances, threatens organizations from two main perspectives: first, the attack seizes sensitive data and holds it for ransom; second, the activity causes downtime and a series of blows to operations and the company’s reputation. According to the Oxford University Press, the cost of a typical cyberattack can wipe out a company’s entire annual IT security budget. One issue contributing to this high cost is the fact that cybercriminals don’t guarantee they will – or can – return sensitive data after a ransom has been paid. Still, Kaspersky found that 34 percent of entrepreneurs admit to having paid ransom in an attempt to retrieve critical data.

When paying a ransom could increase the cost of an attack without alleviating the problem, yet withholding payment can leave the company powerless in the face of a security breach, how should midsized organizations update their security plans to avoid such situations?

Vladimir Zapolyansky, head of SMB marketing at Kaspersky Lab, suggests:

“As criminals increase their efforts to make money by using cryptomalware, small and medium businesses should take preventative measures to minimize the risk of becoming yet another victim. In order to improve the efficiency of their protection against cyberthreats, we advise SMBs to use dedicated solutions and the advanced technologies.” 

To protect your organization from an attack that could singlehandedly deplete (or exceed) your security budget, focus on identifying what’s in your data, how your sensitive information is being used and exactly who has access to which files. The more you know about your company’s data, the more equipped you’ll be to secure it, accurately gauge your level of risk, and implement backup and recovery processes that make recovering from ransomware as painless as possible.

Learn how midmarket organizations can enhance data protection for cyberattacks, industry regulations and more.

1 Like
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.