With the Covid-19 pandemic still disrupting business operations around the world, a new round of ransomware attacks has made it worse by impacting companies, industries and whole countries.
The year has been characterised by massive, headline-grabbing attacks such as the Colonial Pipeline incident and an attack that brought down all of Ireland’s healthcare systems, among others.
And these are just the attacks that made the headlines, says Garsen Naidu, country manager of Cisco South Africa. Hundreds of other attacks have flown under the media radar, causing untold damage to the victims.
Chief information security officers are scrambling for ways to prevent ransomware attacks from happening to their organisations, or mitigating them if they do strike. CEOs, meanwhile, are grappling with the question of whether they ought to pay the ransom or not.
It’s not really clear how many organisations do cough up the ransom, and whether this guarantees they’ll get their systems back.
In the case of Colonial Pipeline, they did pay out the cybercurrency ransom that was demanded, their systems were restored and the FBI managed to recover a large part of their money.
But this experience is by no means the norm, and organisations are more likely to be further compromised if they pay.
“Bear in mind, these are the very people who have broken into your network, shut down your systems and compromised your business’s very existence,” Naidu points out. “You could trust them, and pay up; but there’s no guarantee that they will keep their side of the bargain.”
Even if they do unlock the data, you are still vulnerable, he adds. “The cybercriminals are most likely still lurking in your systems and probably helping themselves to your data assets.
“And you still have the original underlying security flaws to contend with, which allowed them to infiltrate your system in the first place. Unless you fix those, you are open to further attacks because they are familiar with your network.
“Blackmail is seldom a once-off event,” Naidu says. “There’s nothing to stop them trying their luck with your company again.”
And, even if your data is unencrypted after you pay up, it could well be compromised or corrupted in the process.
“And paying the ransom is just the beginning of what you’ll have to fork out after a ransomware attack,” Naidu explains. “You can expect to pay out even more in notifications, security training, and retooling security platforms to address the root cause of the breach.”
Of course, each organisation has to make the decision on whether to pay based on their own situation, he adds, and every experience will be different.
However, Naidu believes the best solution to the ransomware conundrum is to ensure your systems are as secure as possible, and to have a plan in case of an attack.
“To avoid an attack, try to look at your company the way an attacker would,” he advises. “Get a good understanding of the weak points in the architecture and processes; then prioritise and mitigate vulnerabilities from an attacker’s perspective. Ideally, make yourself a difficult and unattractive target.”
Despite this, nothing is ever 100% secure, so the next step is to develop a plan of action in case your systems do get breached. “Have a contingency plan ready,” Naidu says. “And make sure all relevant parts of your organisation are involved – legal, HR, finance, IT, the board and the executive team.”
Get the security basics right
The chances of being hit by a cybersecurity attack are high – and getting higher all the time as cybercriminals develop new and more potent threat vectors.
Indeed, a massive 62% of small businesses can expect to suffer a cyberattack, costing them an eye-watering $1,24-million on average. For large enterprises, the costs are relatively higher.
Cisco helps organisations of all sizes to secure their networks in an integrated and seamless way – without breaking the bank.
“When security products communicate and work together, you get better, less resource-intensive protection,” Naidu explains. “An integrated platform can deliver in-depth analytics, streamlined security management, and accelerated incident investigation and response.”
The Cisco Secure portfolio, based on the built-in Cisco SecureX platform, consists of a broad set of technologies that function as a team. It provides seamless interoperability with your security infrastructure, including third-party technologies. This results in unified visibility, automation, and stronger defenses.
Cisco Secure offerings are strengthened by a zero-trust approach to security; unrivalled threat intelligence; integration and openness; and a simplified consumption and buying experience.
The integrated portfolio includes products that can be used to secure the network; users and endpoints; cloud edge; and applications.