Securing a modern network

Cybersecurity threats like ransomware, DDoS attacks and network vulnerabilities that allow attackers to access networks and steal information are on the rise. Don’t think your organization will fall victim? Think again.

The median ransom payment has skyrocketed from under $199,000 in early 2023 to $1.5 million in June 2024.¹ Most likely, organizations will experience recurring attacks in the future, too. As an example, a survey by Cybereason found that 78% of organizations that paid ransomware demands were exposed to a second attack.²

Evolving security threats often leave IT leaders with more questions than answers, including: Will modernizing my network make maintaining security measures easier and help with evolving threats, or will it create more complexity to manage? In this executive brief, we’ll explain the current security risks to your organization, steps you can take before an attack hits and some of the comprehensive security solutions available for a modern network that make it easier to maintain.

Same challenges, new threats

Critical business systems and applications that have not been updated are more susceptible to data breaches. 2024 saw an unprecedented surge in published Common Vulnerabilities and Exposures (CVEs), reaching a record high of 40,009. This represents a 38% increase from 2023.³ Most organizations, including those with IT-developed departments, have a limited amount of time to work through the steady churn of updates to critical systems. This has been a constant in IT security for years. What has changed, though, are the threats to an organization’s network.

More leisure guests mean business

One of the most popular threats today is ransomware. Expenditures related to mitigating a ransomware incident can go far beyond the asking price to unlock data encrypted by attackers. These costs can include the ransom, network downtime, employee time, equipment costs, network costs, lost opportunities and other financial losses. Excluding ransoms, the average cost for organizations to recover from a ransomware attack is nearly $3 million.⁴ To top it off, 84% of victims paid the ransom, but only 47% got their data and services back uncorrupted.⁵

$3M – The average cost for organizations to recover from a ransomware attack.⁶

Few sectors of the economy have been spared from cybercrime. While ransomware impacts all industries, there’s been a recent surge in attacks on shipping and supply chain businesses as more people shop online. Cybereason found that 41% of ransomware attacks breached organizations via supply chain partners.⁷

New twists on DDoS attacks

Distributed denial of service (DDoS) attacks are designed to flood a network, application or service with traffic to block legitimate access to resources. DDoS attacks are not new, but they are evolving and even showing seasonality.

Another new twist on DDoS attacks is the addition of ransom requests before an attack occurs. A triple extortion attack is a good example. In a triple extortion attack, bad actors use a three-pronged approach to extort money from victims by:

• Targeting business systems with ransomware to encrypt sensitive information.
• Extracting this sensitive customer data and encrypting it with ransomware followed by threatening the business with leaking or selling data online.
• Threatening to disrupt business operations with a DDoS attack that pressures the victim to pay the ransom fee by a specific date.⁸

Even if a DDoS attack doesn’t involve extortion, it can still be used to distract IT teams from other attempts to breach the network at the same time. For example, bad actors will sometimes launch a small-scale DDoS attack to keep IT professionals busy. The thieves then hack the network and steal data while no one is looking. Tactics like these demonstrate that DDoS incidents can be multi-faceted and are not something that organizations can wait out.
 

Steps to take now to protect your organization

Backup your data off site

Leaving your network vulnerable to external threats can impact your bottom line. The good news is that there are simple precautions you can take to help protect your network on your own or with the help of security solutions from a trusted provider. One of the most important steps to take right now is to conduct regular backups of data that are stored off-site or on hardware that does not have a permanent connection to your network. Many IT teams make the mistake of storing backups on systems interconnected with the rest of the organization. This renders them useless as an attack spreads, as they can be infected along with the rest of the network.

Know the details of your connectivity

You should also know who supplies your network connections and what kind of connections you have for your organization. Keep the phone number of your internet provider within reach in case your network is not available to search for contact information during an attack. On a similar note, keep an updated list of your IP address blocks stored offline. Giving that information to a DDoS protection provider can help them resolve attacks faster.

Train your staff to identify threats

Many of the most destructive attacks begin with a single click in an employee’s email in the form of phishing, password and malware attacks. Organizations can help protect themselves by training staff to identify common phishing tactics and by regularly testing the team with emails that simulate an attempt to breach your network.

90% of corporate security breaches are the result of phishing.⁹

A comprehensive approach to security

Securing your network

Organizations can better protect their networks by investing in a managed security service from a provider with technology that can safeguard network operations and ensure security measures are always up to date. Managed services take the guesswork out of network security and also free up your IT team to focus on other business-critical initiatives.

When evaluating solutions, look for an option that provides a fully integrated firewall and comes with end-to-end system design, installation and support. The best solutions also offer unified threat management (UTM) with capabilities for intrusion prevention, content filtering, DNS protection and antivirus. Some vendors offer this protection as part of a comprehensive, all-in-one network solution while others may require you to buy security features as an added service.

Securing your connectivity

No matter what modern network solution your organization chooses, DDoS protection from a nationwide connectivity partner can further protect your network with 24/7/365 threat detection and mitigation, ensuring the availability of your network assets. The best solutions for modern networks use cloud-based intelligence to evaluate your network activity and identify threats before they reach your IP addresses.

Automated attack mitigation and traffic rerouting will help keep your network resources available while malicious traffic is rerouted and scrubbed clean by your provider. Read the terms of service contracts carefully as some charge an added fee for every incident. That can get costly. DDoS protection that has a flat-rate, subscription-based service lets you avoid unexpected expenses in the event of multiple attacks.

Keep your data safe with a partner you can trust

Proactive prevention is the best defense. Waiting until your organization is under attack is not the time to figure out who to call. Instead, plan ahead and have solutions in place before you need them.

Security threats can derail an organization, but adopting modern security measures can be easier than it looks. By working with an experienced and trusted service provider, you can ensure consistent protection with automated updates built into your network at every level.

Discover how Managed Network Edge, delivered over the Cisco Meraki platform, can quickly and easily strengthen your network security posture.
 

Learn more

1. “2024 Crypto Crime Mid-year Update Part 1: Cybercrime Climbs as Exchange Thieves and Ransomware Attackers Grow Bolder,” Chainalysis, August 15, 2024.
2. Greg Day, “Ransomware: True Cost to Business 2024,” Cybereason, 2024.
3. “Vulnerability Overload: 40,000+ CVEs in 2024,” Cybersecurity News, January 6, 2025.
4. “Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report,” Sophos, April 30, 2024.
5. Greg Day, “Ransomware: True Cost to Business 2024,” Cybereason, 2024.
6. “Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report,” Sophos, April 30, 2024.
7. Greg Day, “Ransomware: True Cost to Business 2024,” Cybereason, 2024.
8. “Defeating Triple Extortion Ransomware: The Potent Combo of Ransomware and DDoS Attacks,” Akamai, March 21, 2023.
9. “The State of Email Security Report,” Mimecast, 2023.