Another day, another ransomware attack. In just the last month, a global car manufacturer has become a victim, along with several lesser-publicised organisations.
Some recently published research by Veritas Technologies found that 40% of consumers hold business leaders responsible for ransomware attacks. Why is that? These days, ransomware attacks are increasingly covered by mainstream media, and because there have been so many high-profile attacks, they are hard to ignore. Just look at Travelex at the beginning of 2020. Coverage like this may be one of the reasons why consumers are apparently becoming less forgiving of businesses that do not take the risk seriously.
The Veritas Technologies survey found 65% of the 12,000 respondents would want compensation and 44% indicated that they would stop buying from a company that had been the victim of such a crime.
To pay or not to pay?
So, what should companies do if they fall victim to a cyber attack? Most cyber security experts and law enforcement agencies agree that paying up encourages criminals to pursue more ransomware attacks. It also doesn’t necessarily ensure that your data will be returned, or that your system won’t be left vulnerable to future repeat attacks. Plus it risks identifying you as a “known payer” who will be attractive to other cyber criminals.
Even with this advice, it looks like many victims have decided that paying their attackers to retrieve data outweighs the cost of other recovery methods. The 2020 Hiscox Cyber Readiness Report found that of the total respondents that had experienced a ransomware attack, 16% paid a ransom, with combined losses adding up to around £300 million. Thankfully, the rest of the organisations had backups that meant they could rebuild without resorting to paying a ransom.
Interestingly, the Veritas Technologies study found that 71% of the respondents wanted companies to make a stand and refuse to pay a ransom. Of course, that position changed when their personal data was at risk – in which case, 55% then wanted their suppliers to actually pay.
Who are ransomware targets?
It’s not just large organisations like Travelex who face this tough decision in the event of a ransomware attack. Smaller businesses are also at risk. In 2019 in the UK alone, reported ransomware incidents against businesses increased by 195%. This translates to an estimated 6.4 million ransomware attacks just in the first half of 2019, making the UK the most targeted region in the world behind the US.
Managing the risk of ransomware
The most effective way for organisations and senior leaders to avoid this dilemma altogether is prevention. We’re not here to reinvent the wheel on this one; the same advice you may have heard before actually works:
- Around 90% of cyber attacks begin with a successful phishing campaign, so workforces should be educated on the threat and the importance of good cyber and password hygiene.
- Backing up the organisation’s most sensitive and crucial data should be embedded in business processes, i.e. done regularly and robustly maintained.
- IT teams should ensure that systems are regularly patched with the latest security updates.
- Ensure appropriate filtering on email and internet use is set up to limit the likelihood of end users (your workforce) accessing malicious files or websites.
- Correctly configured access management should be part of ongoing security operations. Do staff only have access to what they need?
- Understand your supply chain. While your cyber security might be good, cyber criminals will take advantage of suppliers with a weaker cyber security posture.
For a consultation and proactive conversation regarding your cyber security risk, please contact BOM IT Solutions on 0800 038 7222.