Ever since the Bitcoin boom, cryptocurrency has become a global phenomenon, and it’s here to stay. Unlike fiat currencies, cryptocurrency isn’t regulated by a central bank or government. Consequently, anyone with a digital wallet can process payments without a middleman involved. It is for this exact reason that the payment system holds major appeal for cyber criminals: the absence of traceable bank details means cryptocurrency is an ideal means of collecting ransomware victims’ money.
A year after WannaCry, ransomware remains one of the top security concerns and a major threat to organisations across the UK. This might be down to the fact that, according to Europol, at least 200,000 victims suffered detrimental effects after this malware attack—keeping it top of mind. In fact, new Code42 research reveals that nearly a fifth (19 percent) of CEOs recognise ransomware as the most prolific threat amongst all internal or external security threats. But with this in mind, how many companies are actually taking the initiative to ensure their corporate data is not only protected, but easily recoverable should the worst occur?
The answer to that question might alarm you. According to Code42’s research, the threat of ransomware and other cyber attacks has led nearly half of IT leaders (48 percent) and 73 percent of CISOs to actively stockpile cryptocurrency for the sole purpose of paying a ransom, rather than to focus on prevention- and recovery-driven solutions. So, instead of changing security strategy, it appears that some security and IT leaders are shoring themselves up for what should be a last resort. No company should pay a ransom, and even fewer should be preparing to have to do so.
Cash you shouldn’t need to flash
Hoarding cryptocurrency is an irrational response to the threat of ransomware. And it gets worse—the number of security and IT leaders who have admitted to paying cyber criminals in order to recover their data after a ransomware hit may just leave you speechless.
More than three-quarters of security and IT leaders and CISOs (78 percent and 79 percent respectively) have made payments to cybercriminals in the last twelve months. That’s 78 percent of organisations that are placed in vulnerable positions by IT leaders who are under the impression that paying a ransom guarantees the safe return of corporate data. Unfortunately, this is no guarantee and certain strains of ransomware will even double down after payment is made. Only through the correct combination of strategy and tools can ransomware be entirely mitigated—never by a crypto-based contingency plan.
Encryption isn’t enough
Security and IT leaders also make the assumption that encryption is enough to safeguard corporate data and intellectual property. This is, however, yet another trap that many organisations fall into. More than two-thirds of IT leaders (67 percent) and 77 percent of CISOs are under the assumption that encryption is the only viable route to safeguard corporate data. It’s almost illogical for IT leaders to encrypt corporate data when the company isn’t equipped to recover that data should a ransomware attack strike. Despite the importance of encryption, organisations must recognise that encrypting company data holds little value in the absence of data recovery.
Visibility is power
The only way to fully dispose of the need for stockpiling in the first place is for IT leaders and CISOs to change their cyber security strategy. They have to accept that, instead of focusing on prevention only, they require a comprehensive strategy that mitigates risk. Through a combination of employee training, data security awareness, tools and processes, an organisation can ensure a smooth recovery should the worst occur and ransomware strike.
For this reason, organisations should look for solutions that ensure data is constantly backed up to an external location, such as the cloud or secure on-premise storage. With the correct solution in place, companies are granted the ability to restore their data in minutes, leaving ransom payments out of the equation, instead of having to spend hours or even days duplicating or even redoing lost files and folders. With the technology now available to us, doesn’t every organisation deserve the luxury of having an undo button?