Recent media coverage has featured no shortage of cyber attack and data breach news. So, when news broke that another major company—Uber—had fallen victim to hackers’ schemes, it was no surprise.
Yet, unlike this year’s Merck or Equifax incidents, Uber not only faced a massive breach but also did not disclose the attack to the public for over a year, and it paid the hackers a $100,000 ransom to delete the stolen data.
When it comes to cyber threats, much of business continuity planning is focused on how to prevent an attack from ever occurring. And while these are very critical plans to have in place, the reality of today’s rapidly shifting business environment, driven by technology, is that there is an increased likelihood of some type of cyber breach occurring, despite your best planning.
Do you know how your organization will react? When you are faced with the stress of attempting to contain the breach while addressing questions from executive management about why your website has been down, fielding the influx of calls from frustrated customers and worrying about the unknown effects yet to be identified, knowing your reaction plan is critical. You need to ensure that every decision you make aligns with ethical and legal requirements and that you are doing your best to regain control from the ransomware attackers.
Pay or Walk Away? Experts Weigh In
While addressing the attack by paying the ransom may seem to be the easiest or quickest way to secure your stolen data or keep your business up and running, security experts advise against this. Here’s why:
- Paying Likely Won’t Save Your Data: Paying a ransom is not a guaranteed contract. A 2017 Telstra cybersecurity report found that nearly one in three of the organizations that paid a ransom did not recover their files. What’s more, not all hackers are motivated by financial gains—some are in it to damage your reputation and cause havoc.
- You’re Opening the Door to Future Attacks: By choosing to pay the ransom, you’re showing hackers that your business is an “easy target.” Even if you increase your cyber security and learn from the attack, you may be increasing your chances of a subsequent attack because they know you’ll pay to play.
- It Brings Your Ethics into Question: Peter Coroneos, the former chief executive of the Internet Industry Association and an expert on cyber policy, says ransomware demands present practical and ethical dilemmas. “As a matter of principle, the answer should always be no … based on the simple dynamics of perpetuating bad conduct.”
- You’ll Fuel Ongoing Cyber Crimes: On a larger scale, choosing to meet the demands of an attacker gives more power to this type of crime in the future. If not your organization, attackers will move on to the next vulnerable organization. Robert Pritchard, a cybersecurity expert at the Royal United Services Institute, a research organization in London, says: “Despite people’s best efforts, this vulnerability still exists, and people will look to exploit it.”
Choosing not to pay a ransom does not eliminate all cyber attack problems. The reality is that you still need a plan for how you’re going to react, how you’re going to recover and how you’ll manage the reputational impacts. Acting fast and maintaining transparency are two key elements to keep in mind as you work to define your business continuity plans before, during and after a cyber attack.
Written by Assurance Software