Ransomware: Top concerns in the to pay or not to pay debate
There has been a dramatic shift in the level of conversation about ransomware this year, with the issue a high priority for business leaders and governments. We know ransomware is on the rise, with Mimecast reporting that more than six out of ten Australian companies suffered a ransomware attack last year, up from 48 per cent in the prior year in its annual State of Email Security (SOES) Report 2021.
The Office of the Australian Information Commissioner (OAIC) has reported that data breaches arising from ransomware incidents increased by 24 per cent in the first half of the year, prompting Australia’s Privacy Commissioner to warn that such attacks “are a significant cyber threat” that may be under-reported.
The extent of ransomware is unclear, and calls for greater transparency are coming from several quarters worldwide. The federal government is considering the implementation of a mandatory ransomware reporting scheme, where organisations that pay criminals to recover their files would be required to report this activity to the government.
To pay or not to pay?
Everyone is on notice, with corporate organisations and government agencies alike all reviewing their security policies and risk management procedures.
In July, security professionals attending Mimecast’s Cyber Resilience Executive Society Roundtable (CRES) all reported widespread concern over the increasing frequency of ransomware and nation-state attacks. As such, what are the top concerns for businesses and IT departments in the “to pay or not to pay?” debate.
Getting the business back up and running quickly:
- It is a no brainer that companies will want to get back online and recover critical data as soon as possible. Effectively, the longer they are offline and without access to vital information, the more money they will lose, which is why many companies end up paying the ransom.
- Additionally, there is no guarantee that the hackers will release the data once the ransom is paid. Mimecast’s SOES report shows that of the 54 per cent of Australian businesses that paid a ransom, 76 per cent recovered their data and 24 per cent didn’t get their data back despite paying.
The risk profile of ransom payments:
- Many companies are still weighing the benefits of a payment, to avoid having data leaked in increasingly common ‘double extortion’ attacks. Here malicious code quietly exfiltrates as much corporate data as possible, sending it back to its authors before the ransomware encryption begins. This gives cybercriminals more leverage as they pressure companies to pay up or risk having sensitive data and corporate secrets made public.
- The cyber resilience panel noted that ransomware criminals rely on insurance companies to pay companies’ ransoms, for this attack method to remain lucrative. In response, some insurance companies are starting to refuse to pay ransoms on the basis that customers need to proactively protect themselves, and ensure they can recover quickly and effectively in the event of a successful attack.
What are the next steps for government and businesses?
Support for mandatory reporting and stronger government action against ransomware were two of the key themes to emerge from Mimecast’s cyber resilience roundtable, as well as increased Australian government involvement in corporate ransomware response.
For businesses, a ransomware response means strengthening cyber resilience as part of their ongoing approach to business continuity planning, and mitigating the impact of attacks. Every organisation needs to ensure that critical data is protected with advanced security, and that affected data can always be recovered. Businesses also need a robust continuity plan to ensure staff have uninterrupted, secure access to data throughout any planned or unplanned downtime, not last minute or complex workarounds.
For more information: http://mimecast.com/GovernmentAU.
Jake King, Director of Threat Intelligence at Elastic, talks with us about the evolving cyber...
When it comes to digital transformation within the public sector, nothing is more important than...
Taking control: Why organisations must protect passwords with a comprehensive password management strategy
Here are five steps that security teams looking to improve how they safeguard workforce...