The Impact Ransomware Has on All of Us

The Impact Ransomware Has on All of Us

We’ve spent the last few weeks discussing ransomware’s impacts on different subsets. First, we discussed how a ransomware attack impacts the customers of the infected business, and then we touched on the infected business itself. To end, we want to touch on ransomware’s impacts on society, specifically regarding economic health and geopolitical security, known as third-order harms.

Make No Mistake, Ransomware Impacts Society as a Whole

Unfortunately, in addition to the businesses and their customers that ransomware can wreak havoc on, the impact of these cyberattacks can create some significant issues for civilization overall. As you might expect, the impacts of ransomware are severe enough and, unfortunately, common enough to have permeated upwards into the general public and government.

  • A study by Sophos showed that ransomware attacks against state and local governments not only saw high levels of successful data encryption (76% of attacks) but also low rates of successful encryption avoidance (19%).
  • In 2023, 28% of businesses paid over $1 million to ransomware, while only 5% did so the year prior.
  • The Federal Bureau of Investigation reported that government facilities were the third largest target for ransomware attacks in 2023.
  • Ransomware incidents against government organizations were also 51% more prominent in January through August of 2023 than they were in the same span of 2022.

Ransomware’s Effects on the State are Referred to as “Third-Order Harms”

To define third-order harms, we again turn to The Scourge of Ransomware, a paper produced by Royal United Services, a think tank based in the UK. This category, as the paper describes it, refers to “the cumulative effects of ransomware incidents on a state’s economy, society and national security.” Again, these harms are designated by how far removed they are from the initial attack and break down thusly:

  1. First-Order Harms directly impacted the business that was attacked and its staff.
  2. Second-Order Harms impacted organizations downstream from the attacked business as well as the individuals who relied on or trusted the attacked business.
  3. Third-Order Harms impacted entire societies, organizations, and governments through all the ransomware incidents the collective experienced on an economic and security-based level.

As we’ve said, we highly recommend that you read the paper in its entirety. It is fascinating and thought-provoking. However, to help make our point, we have gathered some third-order harms the paper cites.

What are the Third-Order Harms of Ransomware?

Third-order harms have the widest reach of the different degrees of harm that ransomware causes. This is to be expected… after all, we’re discussing the impacts of these cyberattacks on the societal scale. Despite this, many of these impacts tend to go undiscussed until they actively influence everyday life. Indeed, the paper itself states:

“It should be noted, however, that there are significant knowledge gaps about the impact of ransomware at a national level. This makes it challenging to assess the severity of the harm caused by ransomware to the UK and other countries, and creates the risk that governments will not prioritise and properly resource responses to ransomware.”

Many of these impacts are admittedly pretty obvious in retrospect, but certainly aren’t the first that one would associate with ransomware.

For instance, on an economic level, it makes sense that ransomware could disrupt key companies or put roadblocks in the supply chain. However, while it makes logical sense looking back on it, it isn’t typical to associate the average ransomware attack with a reduction of economic output or national productivity. Reflecting on the rest of the paper, it becomes too clear that ransomware could (and does) severely impact the economy, especially if certain businesses are targeted. The paper references an attack on MKS, a US-based manufacturer that produces the tools to make semiconductor chips, a piece of technology essential to creating many—if not most—modern infrastructures.

Furthermore, it is incredibly difficult to accurately measure the combined impact of any ransomware incident on the economy, making the true extent of the damage very challenging to determine.

Regarding national security, ransomware attacks against what the report calls critical national infrastructure, or CNI, can also have widespread impacts and implications. Public safety will be inherently reduced, and the data needed to keep people safe will be interrupted, but the public’s faith in their government and law enforcement is also apt to take a hit. It also must be said that these attacks can give competitors and rivals on the world stage an unwelcome advantage.

Societally, many of the micro-level impacts of ransomware still apply on the macro scale… arguably, they are only made worse by their increased scope. For instance, there are many essential government services and support that people rely on. A ransomware attack against one of these services would interrupt them and make the recipients less inclined to trust the afflicted service.

Plus, cybercrime becomes normalized the more ransomware appears, creating a very unwelcome new normal. It also doesn’t help that ransomware harms more vulnerable populations in general.

It is Everyone’s Responsibility to Fight Ransomware

We’re here to help.

While we can’t possibly fix every societal problem ransomware has caused by ourselves, we see it as our responsibility to help protect the businesses of New Hampshire from its impacts. That’s why we ask that you read and share this blog and The Scourge of Ransomware with everyone you know.

If you happen to own one of the businesses of New Hampshire, we’d love to get in touch with you to discuss how we can assist you in avoiding ransomware, its impacts, and other issues that could affect your operations. Give us a call at (603) 889-0800.

Related Posts

Tip of the Month: Using Email While Prioritizing Safety and Security

You probably use your email every day without even thinking about it. Email is, however, one of the main places hackers go when they want to steal personal information. Here are three easy steps you can take to keep your email secure. Use Strong, Unique Passwords A strong password is like a firm lock on your front door: it should be tough to crack. Here’s how to make one: Mix it up -Use a c...

Is Your Organization Prepared to Invest What is Needed into Cybersecurity?

Safeguarding your business' infrastructure from various threats is a well-known imperative. In discussions about network security, the term "endpoint" frequently arises. Exploring the significance of securing all endpoints is the focus of today's article. Commencing with an elucidation of what constitutes an endpoint, we define it as "any device connected to a network capable of serving as a po...

Tips to Improve Your Organizational Phishing Deterrence

Phishing is one of the most prevalent issues individuals and businesses must confront when operating online. This is because there are literally billions of these scam attempts sent each day. That’s right, billions. With over a hundred billion scam attempts sent every year, your business is already getting phished, it’s just a matter of time before someone falls for it. Cybersecurity has change...

You Aren’t Too Small to Be a Cybersecurity Target

“I don’t need to worry about cyberattacks… my business is too small to be of any interest.” This brief rationalization is one of the most dangerous fallacies a modern business can make concerning cybersecurity, and shows a fundamental misunderstanding of how modern cyberthreats operate. If this has been your mindset, we urge you to read on so we can help set you on a more realistic path. Did Y...