In the winter of 2021, in the thick of the busy December holiday season, one of the most popular human resource platforms became the victim of a ransomware attack, forcing thousands of companies, hospitals, and municipalities to track employee hours and calculate paychecks the old-fashioned way—paper, pencil, and spreadsheet.
One month later, the systems in the largest county in New Mexico were hit by a similar attack. Shortly thereafter, one of the world’s largest semiconductor chip manufacturers had 1TB of private employee data held hostage to the tune of $1 million. Next, a major automotive manufacturer, then an airline, and the list goes on and on.
Fast-forward to today, and the persistent threat of cyberattacks, particularly ransomware, continues to accelerate. According to NCC Group’s Global Threat Intelligence team, ransomware attacks are up 45% from the previous month and up 30% year-over-year. Almost half of all ransomware activity targeted organizations in North America, with consumer services, manufacturing, and entertainment companies leading the pack.
Ransomware attacks, however, are not just increasing in frequency. They’re getting more sophisticated, more efficient, and more troublesome. TechRadar reports that a new strain, dubbed Rorschach, is capable of infecting and encrypting files in record time. That means that by the time you discover you’re infected, it’s probably too late.
Whether the threat originates from foreign entities, homegrown hackers, or even disgruntled former employees, organizations of every size and in every industry are increasingly at risk.
And although the immediate impact of a ransomware attack is obvious, the long-term effects may be harder to spot—and potentially more damaging. Even if you quickly address the situation, the sting is much harder to shake. The most notable long-term effects include:
- Long-term damage to consumer brand
With tech giants making personal privacy a top-of-mind concern (and a competitive differentiator), consumers are hyper-aware of the threats posed by security breaches. Add in the seemingly daily stream of media reports detailing the dangers of identity theft, and you have an environment where the impact of even a relatively minor security incident can send once-loyal customers seeking the services of your competitors. What’s worse, as future customers research your products or services online, reports of past security issues will likely surface, making this a particularly tough problem to shake.
- Long-term damage to employer brand
Similar to the concerns faced when trying to acquire and retain clients after a security incident, attracting and retaining employees can pose a larger issue, particularly in today’s persistently tight labor markets. From the moment an individual shows up for their first day of work, employers have access to the most sensitive information. Social Security numbers, home addresses, contact information, and family data are all in the hands of the employer. Once that trust is broken, it’s incredibly hard to rebuild. If you’re a tech company, the impact can be even greater.
- Insurance premium increases
As attacks become more prevalent—and more costly—cyber risk insurance has become a must-have for many organizations. And just as car accidents and speeding tickets can force consumer auto insurance premiums to skyrocket, so too can security breaches impact cyber risk insurance. According to a recent Deloitte study, some organizations see a 200% rate increase post-incident, while others can’t secure coverage at all until stringent measures have been put into place and validated by the insurance carrier. This can place significant stress on a company’s bottom line, and when combined with the erosion of consumer confidence and other economic headwinds, the detrimental effect is amplified.
- Increased scrutiny and lengthier sales cycles
If you’re in the B2B space, securing new contracts with customers generally involves some form of a security audit. Whether it’s a ‘check the boxes’ cursory review of practices and protocols or a thorough audit including inspection of both physical and cyber security, a breach in your recent past will likely trigger an even more stringent review of the measures you’ve put into place to mitigate risk. This can elongate sales cycles, force you to increase investments and add new contract language (triggering additional legal reviews), and potentially cost you deals.
There are many more detrimental effects, and each organization will face its own unique set of challenges as it attempts to recover from security attacks, but the need to double down on cybersecurity has never been more clear or more urgent.
Most companies have some form of training in place for the general employee population, typically a cybersecurity awareness video that teaches workers to be suspicious of phishing and other social engineering hacks. However, the most proactive organizations both fully staff their cybersecurity teams and provide ongoing training that transcends the simplistic click-and-watch modules popularized by traditional learning management systems.
In addition to keeping team members up to speed on the latest threats and variants, employers must ensure cybersecurity teams maintain a firm grasp on the fundamentals that lead to a robust, multi-threaded, comprehensive approach. That’s why companies are increasingly turning away from simplistic module-based learning and instead creating “capability academies” aimed at delivering the depth and breadth of knowledge—in a human-led, mentor-guided approach—that leads to absolute mastery of the topic at hand.
Hackers, state-funded actors, and other nefarious groups are constantly investing in new ways to attack your business, so you need to be equally vigilant in training your staff to head them off at the pass.