Every day in offices across the globe, employees swiftly clear out their email inboxes, opening hundreds of messages and clicking on links without a second thought. Yet just one wrong click could expose a business to malicious ransomware and the ultimate dilemma – being forced to pay up or risk losing everything.
It’s an issue that is increasingly becoming an inevitable part of the modern business world. According to theTelstra Security Report 2019,among Australian organisations disrupted by a security breach in the past 12 months, 81 per cent indicated it was a ransomware attack they experienced.
Alarmingly, this figure has increased five per cent compared to 2018. The same report highlighted 32 per cent of Australian organisations had been interrupted ‘on a weekly or monthly basis’ by ransomware attacks.
The report’s findings are clear, ransomware attacks are happening to more businesses, more frequently. Phishing scams are just the tip of the iceberg when it comes to ransomware. In 2017 over two-thirds of CCTV cameras that monitored public areas in Washington DC stopped operating due to a ransomware attack. It was just eight days before the swearing-in of President Donald Trump and wreaked havoc on security plans for the impending inauguration.This increasing threat of ransomware creates an impossible choice for businesses.
Pay or get played
If you ask any government body globally what to do in the face of an attack, the advice would be the same – don’t work with cyber criminals and don’t make the payment. There’s a multitude of reasons why paying up could put your business in even more hot water.
If a cyber-criminal knows you’re willing to pay the price of an attack, it’s likely that you’ll become a regular target. Additionally, attackers often ask for funds in cryptocurrencies and securing that kind of payment can make your business even more at risk, possibly funding future criminal activity.
The biggest deterrent is that even if payment is made, there is no guarantee that you’ll ever see your data again. Despite all warnings from experts, Australian businesses continue to make payments, while experiencing less and less certainty around retrieving their data.
TheTelstra Security Reportrevealed over half of organisations that experienced ransomware attacks ultimately paid the ransom. Although the report revealed that 77 per cent of Australian businesses that paid a ransom were able to retrieve their data, this is a figure that has decreased by nine per cent since 2018. As ransomware payments become more common, the safe return of data is becoming more unlikely.
However, alarmingly, 79 per cent of respondents indicated they would pay the ransom again next time if there were no back-up files available.
So why are Australian businesses routinely admitting defeat and paying cyber criminals, even with the risk that they still may lose it all?
Face the fear
When faced with the options presented by a ransomware attack, it’s understandable that the cost of a significant data loss could pose a larger threat than a monetary lump sum. Beyond the payment of the ransom, is the costly threat of downtime and operational disruption to the supply chain. In a business context, even a minor disruption can incur major financial losses.
As a result, we see decisions driven by fear. Yet this is a fear that can be countered with the right expert advice and proper preparation.
Paying the ransom is never the answer. Businesses must continue to identify critical data and ensure regular offline backups and versioning is performed, so that the threat of a loss is lessened.
Regular security patching and updates for operating systems and applications will mitigate the risk of vulnerability to ransomware. Technical vigilance is just one piece of the puzzle; it’s important to consult with experts in the event of an attack, so you can understand your options and take the next steps towards securing your data.
In an increasingly digitally-led world, the threat of a ransomware attack is almost inevitable. It’s important not to let fear take over and put in place measures that will prevent an attack from proving catastrophic for your business.
This article first appeared on Australian Cyber Security Magazine in October 2019.