Ransomware is a Societal Problem, Not Just a Business Problem

We’ve spent several weeks discussing ransomware's impact on various subsets of everyday life, including how it has affected customers and businesses. Today, we want to highlight the impact of ransomware on society in regards to economics and geopolitical security.

Ransomware Has Devastated Society

Cyberattacks can target businesses and larger organizations, as well as individuals. Ransomware attacks can do the same, impacting society on a grand scale. With enough power, a ransomware attack can impact the general public and governments.

• A study by Sophos showed that ransomware attacks against state and local governments saw not only high levels of successful data encryption (76% of attacks) but also low rates of successful encryption avoidance (19%).
• In 2023, 28% of businesses paid over $1 million to ransomware, while only 5% did so the year prior.
• The Federal Bureau of Investigation reported that government facilities were the third largest target for ransomware attacks in 2023.
• Ransomware incidents against government organizations were also 51% more prominent in January through August of 2023 than they were in the same span of 2022.

How Ransomware Affects the State (Third-Order Harms)

First, we need to establish what third-order harms are. To do this, we consult The Scourge of Ransomware, a paper produced by Royal United Services, a think tank based in the UK. The paper describes this type of harm as “the cumulative effects of ransomware incidents on a state’s economy, society and national security.” These harms are designated according to how far removed they are from the initial attack. Here’s a breakdown of the harms:

1. First-Order Harms directly impacted the business that was attacked and its staff.
2. Second-Order Harms impacted organizations downstream from the attacked business as well as the individuals who relied on or trusted the attacked business.
3. Third-Order Harms impacted entire societies, organizations, and governments through all the ransomware incidents the collective experienced on an economic and security-based level.

Reading the paper in its entirety can be very beneficial. We want to highlight some of the third-order harm that the paper illustrates.

Here Are the Third-Order Harms of Ransomware

Third-order harms have the greatest reach out of the various different types of harm that ransomware can inflict. Many of these issues that impact society as a whole are not often discussed, as the paper illustrates:

“It should be noted, however, that there are significant knowledge gaps about the impact of ransomware at a national level. This makes it challenging to assess the severity of the harm caused by ransomware to the UK and other countries, and creates the risk that governments will not prioritise and properly resource responses to ransomware.”

Admittedly, some of these impacts are clear, but they are not often associated with ransomware.

For example, ransomware can impact the supply chain, leading to widespread issues with goods acquisition and worldwide trade. Most individuals are not going to consider these broad impacts of ransomware. The rest of the paper clearly illustrates a significant problem with how ransomware influences the economy if specific businesses and industries are targeted. The paper examines a situation where an attack on MKS, a US-based manufacturer that creates semiconductor chips, could potentially impact other modern infrastructures.

Of course, it is quite difficult to gauge the impact of any one ransomware attack on the economy. When examined from this context, there are countless elements at play for any one attack.

Ransomware attacks also have the potential to damage critical national infrastructure, or CNI, which can have broad influences and implications. Some examples are decreased public safety, interferences with crucial data services, and an undermined faith in government and law enforcement at large. These attacks also give competitors on the global scale an unwelcome advantage.

When discussing societal damage from ransomware, many of the problems that affect organizations at the micro level still apply at the macro level, which is just much more dangerous and much worse. For example, consider the serious ramifications of people not having access to government aid, programs, and services that they have come to rely on. A ransomware attack could bring these all down if it’s bad enough.

Cybercrime in general is seen as a normal occurrence now, which is a dangerous norm to embrace. In fact, vulnerable populations are particularly at risk of the harm that ransomware presents.

Ransomware is an “Everybody” Problem

We want to do our part to keep the public informed of ransomware threats. If your organization is ready to do the same, be sure to contact us at (978) 482-2020 today. We’ll work with you to protect your Boston Metro and across the North East business from the damages and dangers of ransomware attacks.