It’s hard to read the news at the moment without ransomware being mentioned. For example, I typed “ransomware” into Google News this morning and got more than 1 million hits in 0.23 seconds. Even when I limited my search to the past 24 hours it returned over 6 pages of links. Therefore, with so many experts writing things that are sufficiently interesting or important to feature as “News” – why has the problem not yet been solved?
A hasty, and totally unscientific, investigation of some of the links that Google offered me has drawn me to the conclusion that we appear to be trying to use an old-fashioned strategy to deal with a modern problem.
Ransom is the practice of holding something or someone of value prisoner and asking for money or property from someone who has sufficient means to pay to secure their release.
The historic strategy against ransom is to deploy security measures to protect the valuable asset or person from becoming a prisoner. However, if you think about it logically, information assets don’t have to be unique – which means there is an alternative way to defeat the ransom threat.
There are a number of other significant differences between the old and new ransom threats and here are the four main ones that every CEO should know:
Difference 1: Ransomware targets your people not your IT system – your IT system is just the delivery mechanism.
Locking down the IT system and the data it contains will reduce the opportunity of it being held prisoner but, as no security is 100% effective, and, in many cases, a ransom note only has to convince the target that something has been taken prisoner rather than actually taking it prisoner, for them to act, attention must also be paid to protecting the target.
Difference 2: Ransomware works by preventing access to something your people want (now).
Data and IT systems have a significant advantage over more conventional potential ransom prisoners, such as people or goods. Their value and attractiveness as ransom prisoners can be reduced by simply copying them. While the only option for goods and people is to deploy security measures to protect them, data and IT systems can also be protected by duplication, which is not only cheaper but also more business-friendly.
Difference 3: The psychological factors work best when the target is isolated – you may want to work on your corporate culture and/or have more visible IT support
Ransomware uses complex psychological tactics to get their targets to take inappropriate action such as paying for the release of something where a copy already exists or the unlocking of an access route where other free access routes are already available. Such tactics work best if the target is isolated. Therefore, the threat can be significantly reduced by simply fostering a corporate culture that reduces the feelings of real or perceived isolation.
Difference 4: Good defense is essential, but you will need to react in real time to defeat this threat.
The final difference is that the attack is almost always still taking place when you launch your response and recovery. As any military commander will tell you “plans rarely survive first contact with the enemy”. This means that if you only have a single response plan, without the means to deviate from it, your opponent will quickly learn what it is and overcome it. In short, you will become a victim.
Therefore, while it is essential to have a solid backup strategy, and decent Business Continuity and Disaster Recovery arrangements in place, your response will be unsuccessful unless you also have the Crisis Leadership skills and knowledge to be able to adapt your response in real-time and lead your organisation through the complex, uncertain and unstable environment that would be created by a large-scale ransomware attack.
To find out more or for help developing a ransomware strategy for your organisation with one of our expert consultants, click the red button at the top of the screen to schedule a call.
The actual target is the IT user, if the target is your business, than you are the victim.