The Impact Ransomware Has on All of Us

The Impact Ransomware Has on All of Us

We’ve spent the last few weeks discussing ransomware’s impacts on different subsets. First, we discussed how a ransomware attack impacts the customers of the infected business, and then we touched on the infected business itself. To end, we want to touch on ransomware’s impacts on society, specifically regarding economic health and geopolitical security, known as third-order harms.

Make No Mistake, Ransomware Impacts Society as a Whole

Unfortunately, in addition to the businesses and their customers that ransomware can wreak havoc on, the impact of these cyberattacks can create some significant issues for civilization overall. As you might expect, the impacts of ransomware are severe enough and, unfortunately, common enough to have permeated upwards into the general public and government.

  • A study by Sophos showed that ransomware attacks against state and local governments not only saw high levels of successful data encryption (76% of attacks) but also low rates of successful encryption avoidance (19%).
  • In 2023, 28% of businesses paid over $1 million to ransomware, while only 5% did so the year prior.
  • The Federal Bureau of Investigation reported that government facilities were the third largest target for ransomware attacks in 2023.
  • Ransomware incidents against government organizations were also 51% more prominent in January through August of 2023 than they were in the same span of 2022.

Ransomware’s Effects on the State are Referred to as “Third-Order Harms”

To define third-order harms, we again turn to The Scourge of Ransomware, a paper produced by Royal United Services, a think tank based in the UK. This category, as the paper describes it, refers to “the cumulative effects of ransomware incidents on a state’s economy, society and national security.” Again, these harms are designated by how far removed they are from the initial attack and break down thusly:

  1. First-Order Harms directly impacted the business that was attacked and its staff.
  2. Second-Order Harms impacted organizations downstream from the attacked business as well as the individuals who relied on or trusted the attacked business.
  3. Third-Order Harms impacted entire societies, organizations, and governments through all the ransomware incidents the collective experienced on an economic and security-based level.

As we’ve said, we highly recommend that you read the paper in its entirety. It is fascinating and thought-provoking. However, to help make our point, we have gathered some third-order harms the paper cites.

What are the Third-Order Harms of Ransomware?

Third-order harms have the widest reach of the different degrees of harm that ransomware causes. This is to be expected… after all, we’re discussing the impacts of these cyberattacks on the societal scale. Despite this, many of these impacts tend to go undiscussed until they actively influence everyday life. Indeed, the paper itself states:

“It should be noted, however, that there are significant knowledge gaps about the impact of ransomware at a national level. This makes it challenging to assess the severity of the harm caused by ransomware to the UK and other countries, and creates the risk that governments will not prioritise and properly resource responses to ransomware.”

Many of these impacts are admittedly pretty obvious in retrospect, but certainly aren’t the first that one would associate with ransomware.

For instance, on an economic level, it makes sense that ransomware could disrupt key companies or put roadblocks in the supply chain. However, while it makes logical sense looking back on it, it isn’t typical to associate the average ransomware attack with a reduction of economic output or national productivity. Reflecting on the rest of the paper, it becomes too clear that ransomware could (and does) severely impact the economy, especially if certain businesses are targeted. The paper references an attack on MKS, a US-based manufacturer that produces the tools to make semiconductor chips, a piece of technology essential to creating many—if not most—modern infrastructures.

Furthermore, it is incredibly difficult to accurately measure the combined impact of any ransomware incident on the economy, making the true extent of the damage very challenging to determine.

Regarding national security, ransomware attacks against what the report calls critical national infrastructure, or CNI, can also have widespread impacts and implications. Public safety will be inherently reduced, and the data needed to keep people safe will be interrupted, but the public’s faith in their government and law enforcement is also apt to take a hit. It also must be said that these attacks can give competitors and rivals on the world stage an unwelcome advantage.

Societally, many of the micro-level impacts of ransomware still apply on the macro scale… arguably, they are only made worse by their increased scope. For instance, there are many essential government services and support that people rely on. A ransomware attack against one of these services would interrupt them and make the recipients less inclined to trust the afflicted service.

Plus, cybercrime becomes normalized the more ransomware appears, creating a very unwelcome new normal. It also doesn’t help that ransomware harms more vulnerable populations in general.

It is Everyone’s Responsibility to Fight Ransomware

We’re here to help.

While we can’t possibly fix every societal problem ransomware has caused by ourselves, we see it as our responsibility to help protect the businesses of New Hampshire from its impacts. That’s why we ask that you read and share this blog and The Scourge of Ransomware with everyone you know.

If you happen to own one of the businesses of New Hampshire, we’d love to get in touch with you to discuss how we can assist you in avoiding ransomware, its impacts, and other issues that could affect your operations. Give us a call at (603) 889-0800.

Related Posts

Comprehensive Cybersecurity Starts With These Actions

The effectiveness of your business' IT security heavily relies on the functionality of your IT operations. Ensuring that your staff understands their role in safeguarding your business assets is imperative. Let’s delve into the essential priorities for establishing a robust security training platform—an indispensable element in fortifying your business' IT defenses. Evaluate and Improve Your Se...

How to Avoid Becoming the Next Data Security Cautionary Tale

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history. The Equifax Problem Sometime bet...

These IT Threats Can Ruin Your Business

Technology is a major part of today’s business. It’s fair to say anyone that works in business today is at least semi-proficient with the technology needed to complete their tasks. Unfortunately, for many people, however, the fact that their business requires complicated technology is problematic. This is because at any given moment there are people looking to undermine their job, seeking access t...

Three Ways You Benefit from Encrypting Your Email

Encryption stands as a formidable shield for businesses, fortifying their security architecture. While often discussed in VPN contexts, its significance in securing email solutions cannot be overstated. Why is email encryption indispensable for businesses of all sizes? Let's explore. Before delving deeper, let's grasp the essence of encryption. Essentially, it's a protocol that renders data unr...