Commissioned by Oracle
1 Introduction / Executive Summary
Ransomware is an evolving global threat that can wreak havoc on businesses, governments, and citizens with billions of dollars in damages. More than half of organizations have been affected, and often, the consequences are immeasurable, which is why it is critical to put in place the safeguards to help prevent a successful attack, minimize negative outcomes, and strengthen operational resiliency in the face of a breach.
Dealing with the aftermath of a ransomware attack can be complicated and costly. Most organizations experience significant business impacts, from financial loss to business disruption. According to the Internet Crime Complaint Center IC3, a division of the FBI, between 50% and 80% of organizations that have paid ransom demands in the past were subject to subsequent attacks, often by the same threat actors6.
Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.
― James Scott, Institute for Critical Infrastructure Technology
Most security experts recommend against paying the ransom: not only is there no guarantee to get the data back, but it also encourages future ransomware attacks. Studies conducted both in the United States (by Coveware7) and Europe (by Veeam8) show that many victims never hear back from their attackers after paying the ransom, and even among those who do get their data back, over 30% find it incomplete or damaged.
In this paper, we will expand our view of ransomware and demonstrate how treating it as an isolated security challenge is not a sustainable approach. We will show why prevention is the best foundation for managing risk and consider some strategies to combat common ransomware tactics. A breach affects every part of the enterprise because it is not an isolated cybersecurity problem; it is an everyone’s problem.
We will discuss cybersecurity guidelines along with some recommended best practices. And we will look at key focus areas to start implementing these strategies to help reduce the risk of ransomware. As we explore Oracle’s layered approach to security with an emphasis on automation and building security into their products, we will find that defending against ransomware means defending against any cyberattack.