Two recent significant cyber-attacks demonstrate the huge cost of malware attacks against large businesses.

Aluminium producer Norsk Hydro has estimated remediation costs of their ransomware attack at £60 million (650 million Norwegian Crowns).  The attack back in March 2019 saw the company’s systems infected with the LockerGoga ransomware which brought production to a halt at 170 sites around the world (some 22,000 computers were affected across 40 different networks).   Even though the company had recent backups they could revert to, the huge scale of the recovery task takes time and money to complete.

As eye watering as those costs are, they are exceeded by the recent announcement by Demant, one of the world’s leading heard aid manufacturers.

Demant has reported they suffered a critical cyber-security incident at the end of September which brought manufacturing to a halt at factories around the world.  The direct costs for dealing with the incident are estimated at some 50 million DKK but the actual impact on their 2019 business year is estimated to be 10 times that amount (£64 million) due to lost sales and other business disruption. Demant reports that even though they have cyber-insurance which will pay out and cover the direct costs of the remediation and clean-up, but is several tens of millions less than the total impact of the incident.

Security Managers can learn an important lesson from these incidents: the financial impact on your business can be much higher than the direct costs of remediating the malware from your systems. These costs include lost production, lost direct sales and lost confidence from clients and partners which can affect future sales.

According to the 2019 Accenture cost of cyber-crime report the average cost of a cyber-crime incident for major enterprises has risen 72% in the last 5 years to $13 million in 2018 with malware attacks being the most expensive.

What steps can you take to protect your business from malware?

Paying the ransom is no guarantee that the decrypting software will even work – and it serves to encourage the criminals to continue using ransomware.

Current backups are the primary defence against ransomware. Offline backups, that cannot be accessed and corrupted by malware on your network, are the only sure-fire method of recovery from ransomware which has corrupted your data.  The time taken to restore a system from backups will often be similar to the time taken to de-encrypt the ransomed files – so paying the ransom is not necessarily a shortcut to data recovery.

Network segmentation can help stop the spread of malware across your whole network, by limiting the ability of malware to traverse the network.

The human firewall is the last line of defence against malware in most businesses.  Training your team to identify and not to click on malicious links or open unexpected email attachments will reduce your chances of malware infection.  Business email is a primary attack vector for malware targeting businesses.  Security Awareness training takes many forms, from live lessons to recorded videos.  The key to success is to ensure the chosen format will work for your team and culture.  Security Awareness training is more than a compliance check-box exercise.  The purpose is to change the behaviour of your team to reduce the risk of malware being allowed into your network by your team. However, according to the 2019 Accenture cost of cyber-crime report: Training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets.