Greater Proactive Investment in Ransomware and Cyber Defense Required
By Kevin McDonald, COO and CISO, Alvaka Networks
As the Chief Operating Officer and Chief Information Security Officer at Alvaka Networks, I’ve spent decades on the front lines of cybersecurity, witnessing firsthand the devastating toll that ransomware and other cyber threats exact on organizations of all sizes. From hospitals, schools and law firms large and small to mom and pop businesses and global enterprises, the story remains the same: a single breach can bring a company to its knees, costing millions, shattering reputations, and, in some cases, forcing closure. Today, as we stand in April 2025, the need for robust investment in ransomware defense and broader cybersecurity has never been more critical. The data is clear, the stakes are high, and the time to act is now.
The Escalating Threat Landscape
Ransomware is no longer an occasional nuisance … it’s a pervasive, existential threat. Back in 2020, I noted in an Orange County Business Journal interview that ransomware attacks had surged from occurring every 30 minutes to every 14 seconds, with projections suggesting a further drop to every 11 seconds. Fast forward to today, and the frequency and sophistication of these attacks have only intensified. While fewer are paying the ransom, the number of cases and the damage have only gone up. The average ransom demand (not negotiated payment) has climbed to $939,063 per victim in recent years, and is just the tip of the iceberg. Recovery costs, legal fees, forensic investigations, system remediation, lawsuits and lost business nearly always dwarf the ransom itself, frequently reaching many multiples of that initial payment.
I’ve seen companies that thrived for centuries collapse under the weight of a single ransomware event. Owners have liquidated their life savings and 401(k)s just to keep the lights on and their employees working. Even with insurance, the process is grueling, with uncovered costs piling up. As I’ve said before, “This is also just the beginning of the costs of becoming a victim.” The reality is stark: many companies (especially small family-owned companies) do not survive a cyberattack long term. This isn’t hyperbole; it’s anecdote and statistics I’ve cited repeatedly, drawn from years of observing the fallout firsthand.
Why Current Defenses Aren’t Enough
Too many organizations still trust outdated or inadequate defenses. Offline and remote backups, once considered a silver bullet, offer little protection if they are not immutable. As I’ve emphasized in discussions at events like the MSP Summit, “Offline and remote backup does not protect you from a ransomware attack if those same domain admins who manage a network also manage the backup or have access to admin AD and other rights management tools.” Attackers often gain unfettered access within hours of initial penetration and exploit these vulnerabilities with ruthless efficiency.
Basic cyber hygiene, such as patching systems, implementing multi-factor authentication, segmenting networks, limiting user rights and segregating duties, remains woefully underutilized. Yet these are the foundational steps that I, and we as an industry, have advocated for over too many years. I have attempted to convince the business community and individuals to change for more than half of my adult life. Across my role at Alvaka and my external and advisory roles with groups like the Orange County Sheriff’s Technology Advisory Council, FBI InfraGard, and many more, the investment is untold. The gap between what’s needed and what’s implemented remains a chasm that cybercriminals exploit daily.
The Case for Investment
The question isn’t whether we can afford to invest in cybersecurity; it’s whether we can afford not to. According to Coveware, a leading ransomware negotiator, the average ransomware payment soared in the third quarter of 2024 to approximately $479,237, with a median of $200,000 (showing the value of negotiations). When you factor in downtime, reputational damage, regulatory fines, and potential civil settlements, the financial hit becomes astronomical. For Managed Service Providers (MSPs) and their clients, the stakes are even higher. As I warned during my recent MSP Summit session, “Ransomware attacks are an existential threat, causing billions in losses while destroying careers and companies.”
Investment must go beyond reactive measures. We need proactive, advanced threat detection, full-time monitoring, and tools like machine learning and AI to identify and neutralize threats before they steal or encrypt data. We need comprehensive incident and disaster recovery plans: not just backups, but fully tested strategies that ensure business continuity. And we need incessant and prolific education, empowering and imploring individuals to recognize when something is not right, limit their risky behavior and think before acting. Advanced phishing techniques and other social engineering tactics that serve as entry points for attackers are prevalent and successful … growing more so with AI and constant modification of threat actor behaviors.
A Call to Action
The U.S. Department of Justice’s move to treat ransomware investigations with the same urgency as terrorism, a shift I called a “huge step” in 2021, was a hopeful move. Yet they must do so much more, and despite increased governmental focus, the private sector must step up. The private sector is the primary group that is responsible for our economy and infrastructure. Too many attacks are succeeding, and reporting numbers are laughably low, so the situation is exponentially worse than what shows in stats. Victim shaming, lawsuits, regulatory punishment and reputational damage against even those doing good work, and fear of the likely hit to their stock price or customer trust, dissuade many from reporting. While totally understandable, this silence only emboldens attackers.
We’ve built a legitimate reputation at Alvaka for being in the top tier of ransomware defense, rescue and remediation. Prevention is the goal, and we are here to help others achieve it. However, that requires recognition of the problem and investment by companies and governments, not just in technology, but in vigilance, people, processes, and partnerships.
It also takes giving back and community investment, including collaborating with law enforcement. For example, I’ve done this through civilian law enforcement support and volunteer roles with the OC Sheriff, Anaheim PD, FBI’s InfraGard and GTIA’s (formerly CompTIA) Cyber Security Task Force and ISAO. I have worked with numerous domestic and child abuse recovery, crime prevention and human trafficking not-for-profits and other agencies. This work is in addition to advising corporate executives, technologists, and legislators. At Alvaka we work hard to be a part of the community preventative solution, not just profiting when things go wrong.
What works: a multi-layered, well-funded approach.
The message is simple: ransomware and cyber threats aren’t slowing down, and neither can we. Organizations must allocate the resources (financial, human, and technological) to build resilient defenses. The cost of inaction is far greater than the cost of preparation. There’s no limit to how big or small a ransomware attack, or other successful system compromise and their effects, can be. We must all invest now, before the next attack proves the point once more. If you or someone you know gets into trouble, you know who to call. I sincerely hope you never need to meet me on that very bad day.