Fraud Management & Cybercrime , Ransomware
Ransomware Attacks Cost Businesses $20 Billion in 2020
The Growth of Ransomware Calls for the Evolution of Third-Party Risk ManagementCyberattacks on third-party providers are far-reaching and dangerous for the global economy and supply chain. They are also not new; Target’s significant data breach in 2013 just brought them into the headlines.
The fact that a vendor became an attack vector for hackers was a major "aha moment" for both organizations and the bad actors targeting them. While companies spend precious resources ensuring their own cyber borders are secure, they’re often assuming that the companies they do business with take the same precautions. This can be a dangerous - and expensive - assumption that most organizations cannot risk.
Whether it’s the increase in SaaS utilization or moving data to the cloud, the rise of digital transformation is a major cause of third-party breaches. The average company has nearly 6,000 vendors, according to a recent report by Ponemon, and more vendors with access to an organizations' systems means more opportunities for bad actors to launch an attack.
Furthermore, the global pandemic forced companies to transition to a remote workforce, and hackers took full advantage of the increased number of attack vectors. The FBI reported a 500% increase in the number of cyberattacks in the first months of the shutdown alone.
Cybercriminals know that targeting a third party will have a multiplying effect; target one company and benefit from the ripple effect it causes.
Cyberattacks such as ransomware are a lucrative business for cybercriminals. Checkpoint’s 2021 Software Security Report estimates that ransomware attacks alone cost businesses $20 billion in 2020, nearly double from just one year prior.
In 2020, the average ransom paid by midsized organizations was $170,400, but the average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost business opportunity, ransom paid and other expenses was $1.85 million, according to The State of Ransomware 2021 report by Sophos.