To pay or not to pay? Ethics and best practices when dealing with ransomware demands

Paul Rose, Chief Information Security Officer, Six Degrees, asks the question ‘to pay or not to pay?’ and examines the ethical considerations and best practices that organisations should follow when dealing with ransomware demands.
The recent ransomware attack on Norsk Hydro has highlighted the risks today's organisations face from cybercriminals, with the firm losing a reported $52 million so far.
The financial damage Norsk Hydro has suffered could be greater as a result of its decision not to pay a ransom to the cybercriminals who launched the attack, which raises an interesting question: should your organisation pay cybercriminals that target you with a successful ransomware attack?
Here are some ethical considerations and best practices that organisations should follow when dealing with ransomware attacks.