No matter how big or small, every enterprise needs protection against ransomware. This specific attack technique has soared in popularity, becoming the top cyber security threat for businesses—to the point that it is often referred to by experts and media as the “ransomware epidemic.”
The Verizon 2022 Data Breach Investigations Report (DBIR) found that ransomware attacks soared 13% between 2020 and 2021, a bigger increase than the last five years combined. A new study by one of Canada’s top business law firms, Blake, Cassels & Graydon LLP, found that ransomware accounted for 55% of cyber attacks in Canada in 2021.
In July 2022, a globally recognized industry analyst firm published a case study titled Protecting the Mid-sized Enterprise Against Ransomware. The purpose of this case study is to help readers make informed decisions about cyber security.
Leveraging in-depth interviews with stakeholders and a review of relevant documentation, the author recounts one mid-sized company’s experience with ransomware, disappointment with a high-profile cyber security vendor, and subsequent search for a new vendor that better fits their needs. Before we dive into a few key takeaways from the case study, let us quickly introduce the experts who wrote it.
About industry analyst firm Omdia
Omdia is a market-leading data, research, and consulting business focused on helping digital service providers, technology companies, and enterprise decision-makers thrive in the connected digital economy.
Their experts offer analysis and strategic insight across the global telecommunications, media, and IT industries. Omdia helps its clients profit from new technologies and capitalize on evolving business models, by providing actionable insight to support their customers’ business planning, product development, and go-to-market initiatives.
The report’s author, Eric Parizo, is the Managing Principal Analyst at Omdia. Eric oversees research quality, innovation, and staff development within the Omdia Cyber research group. He offers thought-leading analysis on technologies, trends, and innovations in enterprise security operations centres, and specifically the threat detection, investigation, and response (TDIR) lifecycle.
Eric has been covering, researching, or speaking on topics related to enterprise information technology for about 20 years.
Ransomware, the cyber attack epidemic
The report begins by explaining that ransomware—a type of malware that locks access to files on a target’s system for the purpose of extortion—is extremely prevalent because of its low cost to execute and high potential for reward.
Government officials routinely recommend that organizations not pay a ransom. By doing so, the victim organization may be funding future cyber crime. Unfortunately, these attacks are specifically designed to halt operations and complicate recovery. For many victims, giving in to a cyber criminal’s demands appears to be the easiest and fastest way to return to business as usual.
Due to the prevalence of ransomware, organizations are desperate for a proper defence. Cyber criminals don’t discriminate against business size, but some cyber security vendors do. Small businesses are hard-pressed to find anti-ransomware technologies that are easy to use, within budget, and sized right (with scalable packages that make sense for compact teams). This lack of options means that almost 98% of businesses are stuck with unaffordable cyber security solutions and features they don’t need—which is exactly what happened to the company at the heart of the case study.
Anti-ransomware solutions not made equal
The report follows one mid-sized company with thousands of customers nationwide, including engineers at some of the world’s biggest tech companies. After experiencing a ransomware attack that brought the organization to a near standstill in minutes, they needed immediate incident response help and a stronger defence going forward.
While recovering from the attack, the company knew it needed to beef up its defences. They chose a high-profile cyber security vendor that appeared to check every box. As it turned out, cyber security solutions are not one-size-fits-all.
For an entire year, the company was paying for nearly twice as much protection as it needed because even the smallest licensing package from their incumbent vendor was too large. That same cyber security solution only protected part of the business, leaving the rest of it—including the network, cloud systems, and Office 365 accounts—vulnerable to another attack.
As a result, they started looking for a replacement, this time knowing exactly what they did and didn’t want in a cyber security partner. Eventually, they found their perfect match, saying that “the contract is one of the best decisions [they] ever made.”
Choosing the right anti-ransomware
Read the report to get the full story of this company’s battle with ransomware, their experience choosing (and then rechoosing) a cyber security vendor, and what Omdia says matters while selecting anti-ransomware technology.
