To pay or not to pay – that’s the question as ransomware attacks rise

/in


THERE is rarely a day that goes by when there isn’t a major local, national or international story about a well know organisation being hit by a cyber attack that has huge potential to disrupt the business and damage their brand.

In the past few weeks alone we’ve seen Eurovision fans in a panic after Booking.com announced some of its hotel partners had been targeted by phishing scams; high street retailers WH Smith and JD Sports revealing that employee and customer data had been accessed by hackers; and perhaps most notably Royal Mail being hit with a huge ransomware demand by predominantly Russian speaking crime groups which had blocked access to critical files and stolen huge amounts of sensitive data.

It’s clear that the cyber threat continues to evolve and increase, and ransomware attacks are becoming particularly prevalent, with increased targeting of business and industry in Europe and the UK, often by ransomware groups influenced by geopolitical factors such as the Ukraine war.

But it’s not just the number of attacks increasing, we are now seeing is the criminal marketplace in cyber-crime continuing to mature and develop, much the same way a legitimate industry might. The deployment of access brokers and affiliate business models means this is a complex threat that cannot be easily defeated or disrupted.

For businesses and large public sector organisations the focus needs to be on how to protect themselves, prepare and have a plan in place to respond to an inevitable attack. This applies equally to businesses Northern Ireland as in any other location around the world.

Baseline protections of ISO governance, basic cyber essential certification or installation of firewalls and anti-virus protection are useful and beneficial but given that an attack of any scale will lead to a business crisis, it’s now important to go beyond that, with effective network monitoring and alerting, cyber incident response planning and exercises involving people at Board and executive level to make sure you are prepared to deal with all eventualities.

The response to a cyber attack is a…

Source…