Hold your hoarding – why you should never pay a crypto ransom
September 5, 2018
Vendor View: Richard Agnew, EMEA VP at Code42 on how the lack of effective data security strategy drives crypto-hoarding.
It’s not a secret in the data security industry that the strategy some companies have for dealing with ransomware incidents is simply paying the ransom and hoping for the release of their data. However, the actual numbers are quite shocking.
According to the recently released Data Exposure Report, commissioned by Code42, nearly three-quarters of CISOs (73 percent) admit to stockpiling cryptocurrency in order to pay off cybercriminals in case of a ransomware attack. And this isn’t just a matter of saving for a rainy day. Nearly four out of five of those CISOs (79 percent) have made payments to cybercriminals in the last year.
What’s so staggering about these results, which come from a survey of nearly 1,700 business and IT leaders in the U.S., U.K. and Germany, isn’t that pandering to cybercriminals is happening. What’s so dismaying is the ubiquity with which it appears to be happening. This isn’t a few unlucky organisations whose idea of data security is the pre-installed virus protection program that comes with a new endpoint device. These are companies with at least 250 employees—most of them with at least 1,000 employees. These are the types of companies that will contribute to what Gartner estimates is the nearly $100 billion that will be spent on data loss prevention in 2018.
So, what’s going on here? Since the data security perimeters they’ve created aren’t preventing ransomware from entering their organisations, these companies feel they have no choice but to pay the ransom and hope they get their data back. This reasoning isn’t completely flawed. It’s true that cybercriminals are working just as hard to develop intractable strains of malware as we are to prevent them. Cyber threats are evolving faster than prevention-only data security perimeters can keep them out.
There are several problems with this strategy, however:
It’s not reliable. There’s no guarantee that you’ll get your data back if you pay the ransom. These are criminals you’re dealing with.
You become a target for more cybercrime. Once cybercriminals know you’ll give in to them, they may continue to target you in the future, potentially with bigger ransoms and more complex malware.
You’re contributing to the overall problem. Some governments refuse to pay ransoms for kidnapping because they believe it’ll only invite more kidnappings. Using the same reasoning, companies that pay cyber-ransoms are only perpetuating more ransomware attacks.
And probably the worst problem: it’s wholly unnecessary. Companies that hoard cryptocurrency and make ransom payments a contingency plan have an ineffective, outdated security strategy that doesn’t make use of the tools and technologies available.
So, in a world where the billions companies are spending on data breach prevention security strategies are coming to naught, what’s a company to do?
It’s time to change your strategy and get some new tools. Most IT leaders already know this. And they even know what changes to make. According to our findings, 72 percent of CISOs believe their company has to improve its data breach recovery ability in the next year. They understand that, while there will always be a place in a security strategy for breach prevention, they must also have tools and processes in place to quickly get back up and running in the event of a breach—without paying a cyber ransom.
The good news is, tools and strategies that can mitigate ransomware—even in the event of a breach—exist. Here’s how it works:
First, accept the reality of human behaviour within your organisation. Even with the strongest, most stringent data security policies in place, employees will create vulnerabilities. Whether through downloading unapproved software, opening suspect emails, or saving files outside of approved company storage, employees will engage in behaviour that makes life easier for them, even if it puts your company at greater risk.
Second, get data security tools that allow for full visibility into all data—including on company endpoints. Data that resides only on employee endpoints is particularly vulnerable to ransomware and malware attack. There’s a misguided belief among some IT leaders that endpoint data isn’t as important as that housed in official company storage. According to our research, however, 71 percent of IT leaders say losing all corporate data on endpoints would be business-destroying or seriously disruptive. A backup and restore program that continuously backs up data—even when endpoints are offline—makes it possible to restore data in the event of a breach. That means you need never consider paying a cyber-ransom again.
Third, change your data security strategy from one based on hopes and crossed fingers to one based on reality and proven tools. Rather than trying to do the impossible—prevent every single ransomware from infiltrating your company via careless human behaviour—learn to be resilient in the face of breaches. Use strategies and tools that address breach prevention and breach recovery. That way, you’ll keep out malware that can’t get past your security perimeter, and render impotent the ones that do get in.
Hoarding cryptocurrency as a contingency plan in case of a ransomware breach is the sign of a larger problem within a company: the lack of an effective data security strategy. With the right tools and a strategy that includes data recovery, companies can operate safely and effectively in the current cyber threat landscape.