Companies cannot ignore cyber and keep paying ransoms, says AJ Thompson, COO Northdoor plc. The firm offers IT services. He points out that even paying ransoms is no longer a guarantee of getting data back. Indeed, cybercriminals are increasingly using the data to blackmail victims, threatening to put the data on the Dark Web or make them public.
Thompson, pictured, says: โThe stats [from Armis] highlighting that companies are paying more in ransomware payouts than they are for cyber defences are really disturbing. Taking the payment option and spending more on it than trying to keep the criminal out in the first place seems to me to be a back-to-front decision.
โThe average cost is going up rapidly and so ensuring that your environment is protected is critical. Spending budget on defences, rather than paying criminals must be the only way approach. It is therefore very worrying that 39 per cent of businesses, having been previously attacked, still do not have the adequate resources allocated to defence. It is perhaps then not surprising then that so many attacks are getting through, forcing companies to pay out ransoms.โ
โThe problem is only going to get worse over the coming months. Cybercriminals are changing the way they are using ransomware attacks, meaning that more traditional ways of protecting data is becoming irrelevant. The old adage of โbackup, backup, backupโ can no longer protect companies. The backup method meant that companies could ensure business continuity even if the data had been taken. However, cybercriminals are increasingly using the data they have stolen to threaten blackmail or push sensitive data into the public arena. This means even if backups have been used the data is still at risk as the criminal still has the data to use as they want.
โAs a result of all this companies must do more to protect data. The cost of paying ransoms is going up and data is being used in new malicious ways by criminals, negating traditional defensive tactics.
โBusinesses must have the ability to detect the movement of data in real-time. Seeing when gigabytes of data are disappearing and reporting this immediately is going to be critical. Stopping the data going in the first place must be the priority rather than a reliance on back-ups or having to pay out on huge ransoms fees. Data stolen must be effectively encrypted as well. This means that it is all but worthless to the cybercriminal even if they can get their hands on it. Embedding security into the data layer, rather than just on the perimeter is another priority.”
