Malware and Your Bottom Line: The ROI of Protection and Prevention
You have probably seen the headlines. Today’s malware is prevalent, powerful, and costly for those who are attacked. Most midsized businesses have dedicated budgets to protect their networks and many have some malware protection in place, but questions remain:
- Are the solutions that are in place enough?
- Would additional protections be worth the cost?
- Or is it better to just save money for the cleanup process (since attacks are inevitable)?
The best way to answer those questions is to look at the numbers themselves. So let’s dive into the math behind malware protection, prevention, and cleanup, so you can judge for yourself the ROI of investing in additional security technologies. The results may open your eyes to an automated approach that could save you significant money.
The Prevalence of Malware
A whopping 77 percent of American businesses and 82 percent of those in other countries have experienced between one and five cybersecurity incidents in the past 12 months. How often you will be targeted depends on your industry, location, company size and many other factors. But it’s clear today that everyone from home users to large enterprises will be targeted eventually.
As you may know, there are a lot of different types of malware out there, and ransomware is one of the most common and fastest-growing forms today. A recent Datto study found that 91 percent of IT providers have clients who have been victimized by ransomware in the last year. In fact, 40 percent of those IT providers said they’d dealt with more than a dozen cases during that time frame. Yikes.
Below, we’ll explore the costs of malware, including ransomware.
The Costs of Malware
On the high end, a Ponemon study found that, in the last 12 months, small and midsize businesses spent an average of $879,582 on damage or theft of IT assets and an additional $955,429 because of disruption to business operations. On the lower end, a Kaspersky report estimated that an individual security breach will cost an SMB $86,000. Whether you want to look at the worst-case scenario or the best, these numbers can be staggering, and can easily endanger a small or midsized business’s viability. In a Datto study, 63 percent of survey respondents said a recent ransomware attack had caused business-threatening downtime for them.
When it comes to ransomware, the average ransom demanded is between $500 and $2,000, which is considerable for a small business with finite resources. More than ten percent of cases demand a ransom larger than $5,000. Worse, payment is, unfortunately, not a guarantee that you’ll actually get the data back. About seven percent of respondents said they faced situations where hackers didn’t give the data back even after the ransom was paid.
Below, we look at some cited statistics around the expense malware attacks can cause:
Most SMBs today have some type of protection against cyberattacks in place. Typically, this comes in the form of antivirus and firewalls, as well as a small in-house IT team or outsourced IT provider. In addition, most companies have backup and recovery systems in place, not only to support business operations, but also as a security measure in the event of a breach.
Here is what these costs look like for a typical 1,000 person company (a large SMB):
Without these basic protections in place, businesses would be in a constant state of defense, fighting infections with no end in sight. It’s unlikely they’d be able to stay in business long. So clearly there is ROI in investing in these basic protections.
However, they simply aren’t enough on their own. Studies like the Ponemon report show the majority of companies will be hit at some point with advanced malware attacks, which are able to easily evade basic protections. In fact, 76 percent saw attacks evade antivirus. So it makes sense to invest in additional security technology to further reduce the likelihood of being damaged by an attack that the basic precautions above can’t stop.
Leveling Up on Malware Protection
The options for SMBs who are looking to fight advanced malware include next-generation firewalls (NGFW) and security information and event management systems (SIEM). These are both forms of what we refer to as malware “prevention” (vs. protection). Cost-wise, not only do these require an up-front investment, but most have monthly or yearly subscription costs and maintenance fees—plus they require specialized personnel to run them effectively.
Below we look at the costs of some common options for this type of malware prevention.
Depending on the size of your organization, the number of times you are successfully attacked and the extent of the damage done to your business, there is an ROI for making this investment. If we accept Kaspersky’s $86,000 per incident figure and believe that prevention technology above will help stop at least four attacks per year, then an argument can be made that the investment makes sense.
Adding new hardware and software is not the only option. Many vendors offer additional modules that add intrusion detection (IDS), sandboxing, and other more advanced malware protections. This may save capital expense and simplify things a bit, but it still requires you to have several experts on board and still does not guarantee that all advanced malware will be caught (since, again, many strains can get around firewalls and antivirus). In fact, 57 percent of businesses surveyed in the Ponemon study said they have had attacks get around their intrusion detection systems. Advanced protection services may make it more difficult for bad guys to walk in the front door, but still won’t prevent many types of malware infections and will cost tens or hundreds of thousands of dollars annually.
A Different Approach to Malware Prevention
A relatively new and lesser-known approach to stopping malware infections uses recursive Domain Name System (DNS) servers to identify traffic as it tries to communicate with suspicious sources. This approach has many technical advantages over firewalls and other appliance-based prevention solutions, but we won’t cover these here (you can read up on that here if you’re interested). Let’s focus on the ROI side.
Additionally, using an automated solution like Strongarm means you don’t have to keep investing in security people (who are both hard to come by and expensive to hire). You’ll be able to stop attacks faster and with minimal manual intervention. You can immediately see the ROI from this approach. Even with the most conservative approach to estimating the costs associated with a malware infection, adding in DNS-based prevention deserves consideration by any organization. It is not only more cost-effective than next-generation appliances, but it’s also more powerful because it adds a layer of protection that is watching the “back door” (as DNS-based malware prevention does). Having multiple layers is a best practice from a security perspective and will keep you more secure than throwing money at another “front door” protection like firewall and antivirus.
Moreover, the math above doesn’t even begin to take into account some of the incident response tools that many organizations invest in ahead of a malware attack. With a DNS-based malware protection approach, you can cut these costs exponentially, since incident response is baked into tools like Strongarm (we’ll cover this in more depth in a future blog post).
We think the math is pretty obvious. Malware is very common today, and when an attack is successful, it can be very expensive, even crippling, especially for small to midsized businesses. As you can see, the costs of prevention—that is, prevention done right—don’t have to be astronomical. We think it’s safe to say that planning ahead and investing in the right layers of malware protection is well worth it.