Firms told to get real about cyber ransom threats
Paying ransoms to cyber criminals is no guarantee of regaining control of encrypted data, a security expert has warned businesses. Experts have said a surprising number of firms are paying out to ransomware creators, but this does not always mean their files will be decrypted again.
Some companies will simply pay the demanded fee to keep an attack under wraps. “Despite the temptation to pay, organisations should try not to give in to the hackers’ demands,” said Webroot’s senior manager for threat research David Kennerley. “Although rare, there have been occasions where payment did not result in the successful decryption of the files.
“Secondly, and most importantly, it fuels the ransomware ‘economy’ and only makes it a more attractive form of extortion as the hackers see more success and profits rise.”
Rather than paying hackers’ ransoms, Kennerley advised firms to ensure they have good protection, keep backups of their data and report incidents to the authorities.
A report published today by the Institute of Directors and Barclays revealed that firms need to “get real” about cyber security, as just 28 per cent of cyber attacks are reported to the police, despite nearly half interrupting business operations.
While 91 per cent of business leaders said cyber security is important, only 57 per cent have a formal strategy in place and just 20 per cent have insurance against attacks.
Worryingly, 68 per cent of the IoD’s members had never heard of Action Fraud Aware, the UK’s national reporting centre for fraud and internet crime.
The report’s author, Professor Richard Benham, said: “Cyber crime is one of the biggest business challenges of our generation and companies need to get real about the financial and reputational damage it can inflict.
“The spate of recent high-profile attacks has spooked employers of all sizes and it is vital to turn this awareness into action.
“Customers and partners expect the businesses they deal with to get it right.”
He added that businesses need to plan for what to do in the event of a cyber attack, including notifying the police, to ensure a quick response.
“No shop owner would think twice about phoning the police if they were broken into, yet for some reason businesses don’t seem to think a cyber breach warrants the same response,” he said.
For more on the report, see the Institute of Directors’ website.