10/15/2019
It's a Tuesday afternoon, the office is bustling, your servers are down and your tech team is stumped. The phone rings - the call you've been dreading. Your data and critical servers have been compromised. The attackers are demanding a hefty fee to undo the damage.
It's a scenario that has played out thousands of times across the country. Ransomware is a very real threat that faces any organization with digitized data. Cyber crime is a big market. According to CSO News, cyber attackers have been responsible for over $445 billion in losses to consumers across the globe. From data downtime to consumer trust - these attacks put businesses in financially compromising situations.
There is little rhyme or reason behind who gets targeted other than opportunity and the right combination of IT vulnerabilities. So, when it comes down to the wire, what do you do?
To Pay or Not To Pay: That Is the Question
In any ransomware situation there are really only two viable options: You pay up or you push back. Unfortunately, there is no definitive answer as to which solution is better. The standard response is "don't give in" but there are some notable factors that play into the case for handing over the money and getting on with business as usual.
TO PAY
Cyber attacks differ by nature and often by a considerable scope. Cyber criminals could be asking for $400 to restore a few critical files or $40,000 to untangle an entire server. Response can often be dictated by an ROI cost equation. Put simply, the ransomware attack is a business risk transaction. Leaders should compare the cost demanded by the attacker to the cost of lost time, verifiable business loss and damaged brand reputation. From there, leaders can make a more financially focused decision surrounding payment.
Public perception is also a particular motivator for payment. A study by ThreatTrack found that 1 in 3 IT professionals would advise executives to negotiate the ransom in order to circumvent public disclosure of the mishap. Moreover, 66 percent of participants fear customer criticism regarding their business' decision to not negotiate with cyber criminals.
It is a lesser discussed point but it factors heavily into business decisions. Data breaches or related hiccups in cyber security are a PR nightmare. When payments are made, businesses can often sweep the event under the rug. The Fraud Blog found that experts largely attribute ransom payments to businesses that are attempting to avoid the fallout of a public breach.
While it may be easy to tell organizations not to negotiate with cyber terrorists, the fact is sometimes businesses have little choice in the matter - especially if an organization doesn't have a solid business continuity plan in place. When a ransomware attack compromises vital business information and the company is not positioned to quickly and efficiently recover it, ransom payment might ultimately be a less damaging hit to take.
NOT TO PAY
With all that said, professional best practices still lean toward not playing into the demands of cyber criminals. Besides the general moral of not giving into the evil forces of the cyber world, it is a common understanding that paying up is exactly what fuels more ransomware attacks. In fact, experts believe organizations that pay up are the reason for the recent spike in occurrences.
Beyond perpetuating the attacks themselves is the fact that nothing is stopping cyber criminals from not holding up their end of the deal. In fact, many organizations that haggle with hackers often end up losing data AND money. The solution here is to let your IT team take the wheel and untangle the data the best way they know how. Hopefully, your organization has had ample training and has prepared a strong business continuity plan to deal with the breach across all business functions (PR included).
The Takeaway
While ransomware responses are largely dependent on the unique capabilities of a given business, one thing stands true: It would be easier to avoid these catastrophes altogether. Save yourself from having to make the decision in the first place by adequately preparing your team with the cyber security expertise and foresight to stop cyber criminals in their tracks.
To learn more about available courses and training for your team, visit LearningTree.com