By Jennifer Blanchette
Businesses mistakenly believe that when a company is the victim of a cyberattack, the costs associated with this criminal act boil down to paying the — constantly increasing — ransom demanded by the hackers. Wrong! Besides the short-term financial impacts, they can also experience disastrous consequences over the long term.
The repercussions of a cyberattack are generally felt in two stages. First, the company deals with surface impacts that are easily identifiable and quantifiable:
- The ransom amount (if the company isn’t adequately protected)
- Legal costs
- Expenses associated with public relations
- Expenses associated with restarting the company’s operations
- Expenses associated with upgrading compliance processes and cybersecurity solutions
A few days or months after a cyber incident, like the submerged portion of an iceberg, indirect impacts — which companies tend to overlook — start to be felt. These intangible consequences are virtually impossible to measure accurately.
They include:
- Value of lost contracts
- Loss of expertise and of historization
- Increase in insurance premiums
- Devaluation of trade name
- Loss of intellectual property
- Loss of skilled and competent labour
- Indirect costs related to the shutdown or disruption of business operations.
“Another problematic issue is the company no longer having any inkling relating to accounts receivable and payable. When an attack takes place, production stops, and employees may not be able to bill their clients. That’s in the short term. After that, even if the company manages to recover its data, it will continue to feel the repercussions of the attack in the very long term. In some cases, it can force a business to close permanently,” explains Sylvain Dion, President and CEO of My Technician.
As you can imagine, putting a dollar figure on the financial losses that result from a breach in your IT environment is pretty hard. According to a report published by IBM’s cybersecurity team, Canadian businesses spent an average of $6 million to recover from a data breach in 2020. This illustrates how important it is to be well protected against online attacks.
A Dire Need for Education
“Few companies are solid enough to get through a cyberattack, and yet they still underestimate the risks. Attacks can turn into disasters for businesses and that’s why we constantly strive to educate business leaders,” says Dion.
The CEO recalls a memorable encounter with a client who considered his email inbox and its contents to be a gold mine. “This client kept saying that if he were ever to lose access to his email, it would mean the end of his business. However, when I asked him what email backup solution he was using, he told me he didn’t have one.”
Sylvain Dion and his team often encounter clients who don’t have a cyber data protection plan. “In these cases, our mandate is to make them understand that a business that took 20 years to establish can’t be rebuilt in 6 months. Today, cyberattacks are so powerful and devastating that you shouldn’t entrust your IT protection to a single technician or a brother-in-law who merely dabbles in the matter. You have to be well protected early on,” Dion emphasizes.
He also notes that some businesses tend to regard cyberattacks with a false sense of security. They believe they’re safe because they’re a small organization or because they took out cyber risk insurance.
“Hackers don’t target SMBs based on how much revenue they generate or how many employees they have, says Dion. Initial attacks are always random. Afterwards, a human takes over and evaluates if it’s really worth it financially.
“As for insurance companies, he continues, the requirements for coverage are increasingly strict and premiums are also skyrocketing — it’s a safe bet that many SMBs won’t be able to keep up.”
Being Protected for as Little as… $3
Mr. Dion’s team recently managed to thwart in extremis a cyberattack on one of their clients thanks to a ransomware detection program that costs $3 per workstation.
“We had been urging this client for a year to set up a data protection plan. He had no backup of his computer environment. A week before the attack, he finally agreed to implement the $3 solution. Lucky for him! Otherwise, he would’ve lost his 55 stores. These days, hackers only generate an attack after they have encrypted servers and backups. Thanks to the app, we isolated the attack and cut the links with the rest of the company’s digital ecosystem,” Dion explains.
While the ransomware detection app is a step in the right direction, the My Technician team recommends opting for a three-tiered IT security plan. This solution entails backing up and duplicating data in three hidden, isolated and non-visible environments.
The last level of backup is so well protected that neither the company’s administrators or the My Technician team can access it. It can only be retrieved through the provider of the IT solution, upon request from My Technician. The data, on an encrypted disk, is then rushed by courier service to the hacked company, which can restart its operations in no time, even if it was the victim of a virulent attack.
“It’s very rare that we have to resort to this step. Usually, the servers can be restarted in a matter of minutes because a physical device installed at the customer’s site and isolated from the production environment, contains a copy of the servers, ready to be booted. Being isolated from the production environment, this copy is invisible to the hacker. It’s very difficult to hack something you don’t know exists,” says Dion.
On average, it will cost a company between $400 and $900 per month to acquire this IT security solution offered by My Technician. As Mr. Dion illustrates so well, “It may be a large pill to swallow at first, but when you put into perspective the fact that a cyberattack could jeopardize the very survival of your business, it is senseless not to be well protected!”