Monday Morning Impact – June 1

Study: Paying Ransomware Nearly Doubles Cost

Sophos, a UK-based cybersecurity company, announced the results of its global State of Ransomware 2020 survey, suggesting that paying cybercriminals to restore data encrypted during a ransomware attack almost doubles the overall cost.

More than half of organizations participating in the survey had experienced a significant ransomware attack in the previous 12 months, compared to 54% in 2017. Data was encrypted in nearly three quarters of the attacks with an average cost of more than $730,000. This includes business downtime, lost orders, and operational costs, but not including the ransom, itself. This average cost rose to $1.4 million, almost twice as much, when organizations paid the ransom. More than one quarter of organizations hit by ransomware admitted paying the ransom.

“On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory said principal research scientist Chester Wisniewski. “Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair.”

More than half of the IT managers surveyed were able to recover their data from backups without paying the ransom. In a very small minority of cases (1%), paying the ransom did not lead to the recovery of data. This figure rose to 5% for public sector organizations. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% overall.

However, contrary to popular belief, the public sector was least affected by ransomware, with just 45% of the organizations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.

“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski. “Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. We’ve recently reported on LockBit using this tactic. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious maneuvers is to keep backups offline, and use effective, multi-layered security solutions that detect and block attacks at different stages.”

The survey was conducted by an independent market research agency in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries. All respondents were from organizations with between 100 and 5,000 employees.

Channel Impact^®
The decision on whether to pay the ransom is a difficult one, especially for healthcare organizations and governmental sectors with 9-1-1 services. In such cases, refusal to pay the ransoms could place lives at risk.

ServiceNow Releases Four Apps to Support Safe Return-to-Workplace

ServiceNow of Santa Clara, California has released a four-app suite and dashboard designed to help companies manage essential steps for safely returning employees to the workplace.

Marketed as “ServiceNow Safe Workplace,” the offering includes employee readiness surveys, health screenings, and workplace safety management features to help facilities and workplace services managers to quickly configure clean and hygienic, socially distanced workspaces so that employees can safely return to the workplace.

The suite lets managers assign shifts so that employees occupy these workspaces for a specific amount of time and configure cleaning schedules at the end of each shift. Out-of-the-box reports and dashboards give managers a real-time view of both workspace reservations and reservation thresholds across floors, buildings and sites. Workplace managers also have a real-time view of all cleaning task status, including a full audit trail history. The system also helps organizations manage and monitor their PPE inventory needs to ensure the physical safety of their workforce. The app’s dashboard provides a comprehensive view of inventory by facility, as well as an aggregate look at the entire workplace and historical data on how equipment levels have changed over time. The dashboard also provides visualizations for data collected by these apps and can be overlaid with a map using aggregated public data on infection rates.

“ServiceNow is helping companies manage the complex workflows required to keep employees healthy and workplaces safe,” said CEO Bill McDermott. “The ServiceNow Safe Workplace app suite and dashboard are engineered to make returning to the workplace work for everyone.”

Channel Impact^®
Returning employees to the workplace requires careful planning, execution and agility on the part of organizations. Business units across the enterprise must work together to create a safe and productive experience for all employees, whether they return to the workplace or continue to work from home. Initiatives, such as this one, are intended to help bring objective data-gathering to the equation.

Siemplify Introduces New Global Partner Program for SOAR Adoption

Siemplify, a New York-based provider of security orchestration, automation and response (SOAR) solutions, has unveiled its new 20/20 Partner Program designed to enable partners to be part of the sales cycle from the very start, ensuring they are able to define and develop their brand and communicate their value to customers. The program also includes margin assurance, which promises attractive margins under any discounting scenario.

“Overall, partners can expect to see high margins for our SOAR platform,” said Thomas Gillman, director of North American channels at Siemplify. “In addition, SOAR offers our partners lucrative professional services around implementation and playbook building. Finally, our partners can create attractive joint value propositions with each of the more than 200 security vendors whose products we automate and orchestrate.”

The program is based upon a sell-with strategy that leverages partners’ expertise and other resources.

Founded in 2015 by Israeli Intelligence experts, Siemplify has raised $58 million in funding to date and is headquartered in New York, with offices in Tel Aviv.

Channel Impact^®
The program places increased focus on partner engagement as a means of delivering complete solutions and increased productivity.