The cost of ransomware attacks has more than doubled. Here's how companies can prevent and plan for these attacks, according to experts

As a cybersecurity expert for the Biden 2020 campaign, Jackie Singh was tasked with preventing breaches like the disastrous hack-and-leak that struck Hillary Clinton's 2016 campaign. Photo courtesy of Jason Schorr
  • Ransomware attacks can be costly and damaging to an organization's reputation.
  • Companies can implement security programs to keep track of data assets and plan for cyberattacks.
  • Cybersecurity experts Jackie Singh and Debbie Reynolds tell Insider how to prevent cyberattacks.
  • This conversation was a part of Insider's virtual event "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco, which took place on Thursday, May 12, 2022.

Ransomware strikes, like the Colonial Pipeline attack last year, are becoming more widespread.

Companies of any size can fall victim to attackers threatening to block or release data unless they pay a fee. The average total cost of recovering from a ransomware attack has more than doubled from 2020 to 2021, increasing from $761,106 to $1.85 million, according to a survey from the cybersecurity firm Sophos.

Ransomware can harm the privacy of employees and customers, hurt the company's reputation, and rack up high costs. But there are ways to prevent an attack, or at least minimize the damage.

Companies can keep track of data assets and plan for cyberattacks to prevent harm, according to Debbie Reynolds, CEO of data privacy firm Debbie Reynolds Consulting, and Jackie Singh, director at the Surveillance Technology Oversight Project.

At a recent Insider panel on Thursday, "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco, Singh, who also served as a senior cybersecurity staffer for President Joe Biden's campaign, said "organizations are vulnerable to ransomware because of gaps in the tech or because of poor awareness of their risk."


Keeping track of data and planning ahead can help focus ransomware prevention measures

Protecting data starts with understanding what information an organization stores.

Organizations must make sure they collect only the information they need and ensure only authorized people have access to the data, Singh said. Then, they can prioritize what data is most critical and focus their prevention measures on that.

But cybersecure companies should also know when and how to let some data go.

When data is outdated and has lower business value, companies may not take the proper steps to protect and remove that data, according to Reynolds. That can leave the organization at risk of a data breach.

Hackers may still want that data because it's not as protected as the "crown jewels of organizations," Reynolds said. "It's still very risky, and it creates a problem for organizations if they can't really follow that data through the life cycle of the information."


Planning is crucial to prevent cyberattacks

Minimizing the fallout from a ransomware attack starts way before a malicious actor targets the company.

It's similar to having a plan in case of a fire emergency, Reynolds said. Organizations must ensure that they're up to date with incident response simulations, frequent testing, and disaster recovery plans.

By conducting frequent testing, companies can better ensure that they are prepared if they do actually face a ransomware attack.

"We want to make sure that this is effective at the time of a crisis, so it really is best to test your backup and recovery capabilities," Singh said.

Collaboration keeps all departments in sync on cybersecurity best practices

Cybersecurity is a team sport, which means information security units must work closely with other departments across the business to keep it secure.


"Eliminating any potential silos there will definitely pay dividends," Singh said.

Individual employees can also play a part in keeping the business safe from attack. Employees should make sure they don't have sensitive data lying around, such as a post-it note with a password written on it, Reynolds said.

The workforce could also be the target of more coordinated attacks, like phishing campaigns that trick people into clicking malicious links. For example, hackers could take advantage of people's fears surrounding the conflict between Russia and Ukraine to get their attention and send phishing emails with ransomware, Reynolds says.

But even with strong defense measures in place, attacks can still happen.

Companies could consider looking into cyber insurance to make recovery post-attack easier. But cyber insurance is not a band-aid for proper policies, procedures, and tools to protect data. "Prevention is really key, so being able to try to find ways to make you a lower risk target will help people in all levels of society," Reynolds said.