Threat actors must access a company's IT system to do harm. It turns out that the most brutal attack vector is also the simplest: exploiting unpatched vulnerabilities.
A recent Sophos study shows that companies suffered more severe ransomware attacks via the unpatched vulnerability gap than they did through compromised credentials. Threat actors mauled backups in 75 percent of cases studied, encrypted data in 67 percent of cases, and forced 71 percent of companies to pay ransom.
Recovery costs averaged $3 million, compared to $750,000 for attacks using compromised credentials. And in 45 percent of cases, recovery took longer than a month.
So How Bad Is It?
According to Sophos, one-third of all ransomware attacks start with an unpatched vulnerability, and the impacts are more severe. It's easy to see why. As companies grow, so do their IT systems. The bigger the IT system, the larger the attack surface. That larger IT system is going to cost more to maintain and protect.
Companies may operate on the cheap by restoring data from backups after experiencing a ransomware attack. However, this tactic is blocked when the threat actor compromises the backup. Paying the ransom becomes the only choice to remedy the situation.
Insurance carriers may not be so forgiving. If the root cause of the attack was a compromised credential, they will usually pay out, denying only 12 percent of claims. However, if the victim company neglected to patch and maintain IT systems, thus creating an exploitable vulnerability, the denial rate rises to 25 percent of all cases.
Simple Problems Have Simple Solutions
Sophos channel partners can protect their clients from suffering these consequences. They can help patch and update client IT systems regularly, thus minimizing the IT system's attack surface. They can help craft solutions using Sophos Endpoint to block threat actors from exploiting unpatched vulnerabilities and zero-day attacks. They can also help deploy Sophos Managed Detection and Response (MDR), which continuously monitors a client's IT system to detect, contain, and remediate any attack. All this is backed by teams of cybersecurity specialists who are on-call 24/7.