After being hit by a ransomware or phishing attack, it might be tempting for businesses to think the damage has been done and they can now focus on rebuilding. This is rarely the case. Research shows that 80% of organisations targeted by ransomware end up suffering another attack – and 46% are targeted by the same cybercriminals that hit them in the first place.
Why do hackers come back?
First, the fact that a successful attack has been carried out against your business won’t go unnoticed within the crime-as-a-service community. They will have taken note of how your business was breached, what the attackers were able to gain, and whether you might be vulnerable to future attacks.
Once data has been exfiltrated in a phishing or ransomware attack, there’s no guarantee it won’t be used for future malicious purposes, even if it’s returned after a ransom is paid. Hackers can keep copies of everything for themselves or sell it to others for further blackmail.
This is especially common with ransomware. Victims believe that they’ll be left alone now the ransom has been paid, but it might only be the beginning of their troubles. If you pay out, attackers will know you have the funds and that you’re willing to part with cash to get your data back. This paints a target on your organisation for the same attackers to come back for more, or for new ones to try and get their own piece of the action.
Criminal groups also pay close attention to which businesses have cyber insurance and could be in line for payouts in the event of a breach – which is something that’s driving premiums up and even preventing organisations with weak cybersecurity from being insured in the first place.
What to do if you’ve been attacked?
There are some things an organisation can do to protect itself in the wake of an attack. Firstly, it’s important to employ threat intelligence to evaluate the level of risk from future attacks. Has your business been named as an easy target on the dark net or on hacking forums? What information about your business is available for purchase?
Secondly, don’t pay any further ransoms. You’re only enriching and encouraging the very people who are likely orchestrating further attacks against your organisation. Most importantly though, the key to preventing future attacks is to improve your cybersecurity posture – and the most valuable thing you can invest in is powerful email security.
Over 90% of ransomware is delivered via email phishing, so this is a vital point of entry into your business that needs to be shored up. Intelligent anti-phishing solutions such as Egress Defend stop hackers near the top of the kill chain, preventing attacks from taking hold in the first place.
Want to learn more?
Egress Defend uses machine learning and natural language processing capabilities to detect sophisticated phishing attacks in real time. Arming employees with Defend turns them into cybersecurity assets, rather than points of vulnerability. If cybercriminals return for a second attack, they’ll find themselves thwarted.