Since the start of COVID-19, ransomware attacks have risen over 400%. In 2021, the total costs from attacks are expected to reach over $20 billion. 3 quarters of organizations will face attacks in the next 5 years. Given the increasing effectiveness, ease, and profitability of cyber crimes, all businesses should be taking pre-emptive measures to protect themselves from the growing digital storm.
Typically, there are 3 steps in a ransomware attack. First, ransomware encrypts files and denies access to users. Then, the malicious actors who sent the ransomware demand payments in exchange for the decryption keys To make these payments difficult to track, ransom is typically demanded in anonymous cryptocurrencies such as Bitcoin. Beyond the ransom itself, the cost per business to recover from a ransomware attack is nearly $2 million. It is unreasonable to expect every small or medium business (SMB for short) to be capable of paying these amounts.
If SMBs don’t want to go bankrupt from a cyber attack, they need to invest in security now. Unfortunately, the shortage of qualified cybersecurity experts make hiring and retention increasingly difficult. 62% of SMBs lack in-house cybersecurity expertise. The majority of SMBs don’t even have a cybersecurity policy in place. They don’t know how to respond or recover in the event of an attack.
While cybersecurity technology picks up a lot of the slack, it cannot do everything for a business. Artificial intelligence solutions can be hard to deploy, configure, and maintain. Current models have an explosion of false positives in attack detection, leading to excessive alerts. Without a human expert who is able to sort out the real threats, businesses may become tempted to ignore their security software’s warnings over time. Every day, the average person receives 63.5 notifications.
Human expertise is an important part of cybersecurity. Trained analysts have a built in advantage when detecting and responding to ransomware. It is easier for them to spot malicious code and warning signs. Their human expertise makes it possible for them to understand context, relevance, and attack motivation in a way that AI currently is not able to. In this manner, they are able to weed out false positives from alerts.
It’s true that hiring a cybersecurity expert is expensive for a business. However, it would be even more expensive for a business to suffer a ransomware attack. Investing in security now prevents recovery costs from incurring later.