The internet is everywhere, and as our digital lives become ever more important, so too does our need to stay safe and secure online. Cybersecurity has become a major cornerstone of the digital landscape, and malware has become big business.

In this second article on information security, we will take a closer look at what malware is, and how hacking groups use malware attacks to cost your business big.

What is Malware?

Malware is malicious software designed specifically to cause damage to or disrupt a computer, server, client or network. There are many types of malware, some of which you may already be aware of, such as viruses, trojans, ransomware and spyware.

The how and why can vary between each type of malware – some can be used to crack weak passwords, bore into systems, and spread through networks. Other types of malware can lock up important files, or redirect you to malicious websites. 

These attacks can result in anything from data theft to the destruction of entire systems or devices, and can be very profitable. Malware attacks have become a million-dollar industry, with hacker groups pulling in hundreds of thousands to millions of dollars per attack.

Why should you care about malware?

In the early days of the internet, sending out malicious software was more like a prank – a minor annoyance that might spam popup windows and could be easily defeated by simply turning off your computer. 

But as more and more of our lives shift online, the cost of malware attacks has risen astronomically. Security experts say ransomware attacks surged by over 150% in 2020, and the criminals running these attacks are making bigger and bigger demands.

Worse still, it is very possible that your data is already exposed – hundreds of companies are targeted every year by hackers trying to discover vulnerabilities in their systems. Large social network sites such as Facebook and LinkedIn have had leaks* totalling over 580 million accounts, while in 2013 Target had a point-of-sale (POS) compromise, exposing 40 million credit card numbers.

*A data “leak” is what happens after someone exploits a vulnerability and posts the data. A hacker searches for a vulnerability so they can exfiltrate the data, then either hold it to ransom or leak it.

How much could a malware attack cost me?

There is a lot of value in any hack, depending on the scale of the attack. Even gaining access to a single email address can be valuable to a hacker, as this can allow them to utilise the account to send spam or phishing emails from a more “legitimate” address, as well as gain access to any private information that requires that email address to perform a password reset. 

In recent times, ransomware has become the most common type of attack, accounting for over 50% of all hacks. Rather than leak data, this type of malware is designed to shut down operations and hold your company hostage unless you pay the hackers.

A recent ransomware hack on a major US fuel pipeline saw the affected company pay out nearly $5 million USD. In 2020 the average ransom demand was $170,000, but hacker groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million.

Even when companies can avoid paying the ransom, the direct price of being hacked can be much larger. Lawsuits following major breaches can add up into the hundreds of millions. Uber was fined $148 million for ignoring a breach of their user data, while Equifax settled for $700 million following their breach.

Malware attacks can have other costs to your business, including:

Lost Productivity

The most common type of ransomware attack is designed to lock up your business operations and prevent you from running normally. The cost in lost productivity is closely tied to how quickly the attack is discovered – faster detection limits the spread of the infection as well as the time spent in remediation with the hacker.

Downtime Costs

Along with this lost productivity, an attack that stops your business from operating also incurs downtime costs – how long does it take you to return to normal operations? Businesses can limit their downtime costs by having secure and up-to-date backups of their data, allowing them to quickly get back up and running following an attack.

Impact on Clients

Malware attacks don’t just impact your business; they also impact the other companies and people you do business with. At best, having your own operations compromised adversely affects the relationship between your business and your clients; at worst, the infection can spread from your company to theirs.

Damage to Your Brand or Reputation

The cost of damage to your business’s reputation can be hard to quantify, but its effects can definitely be felt. Customers and clients have become far more sensitive to cybersecurity threats, and a business that has been exposed to ransomware is not one that many will trust in the modern age.


Ransomware can have a huge impact on your business, from direct costs to flow-on effects for your customers and clients. That is why it is so important to maintain strong cybersecurity and information security practices.

In the third article in this series, we will look further into how you can keep yourself, your data and your business safe from malware attacks.