The Big Debate: Paying a Ransom

Ransomware continues to be a topic of discussion as more attacks become headline news. Two weeks ago, it was Colonial Pipeline, and now the same ransomware gang that disrupted Colonial hit Toshiba Tec Corporation, a manufacturer of printing and office equipment.

Ransomware is a popular type of cyberattack because threat actors have become experts at evolving their tactics and techniques to evade detection. The COVID-19 pandemic also played a huge role in the cybercrime spike we’ve seen over the last year and a half. The shift from working in an office to working remotely forced IT and Security teams to quickly shift their priorities. Almost overnight, they had to ensure users could securely connect to whatever resources they needed to stay productive while working from home. That was a feat not for the faint of heart, and also a huge opportunity for cybercriminals working to identify and target organizations that have less mature cybersecurity strategies.

The idea of your organization going offline, losing terabytes of data or files, or exposing sensitive customer information is terrifying, which is why a lot of organizations decide to pay the ransom. In the case of the Colonial Pipeline, they could not put any oil or gas through their pipelines for at least a week. And according to WIRED, the company paid a ransom of about $5M to restore service more quickly.

However, by paying the ransom, are we fueling an endless spiral of continued attacks? Ransomware attacks are a percentage game. If 10 percent pay, but 90 percent don’t, the ransomware group still turns a profit.

Plan for the Future

Instead, organizations must identify ways they can continue to strengthen their cybersecurity postures. Being diligent up front can significantly reduce your risk of a cyberattack, or at the very least reduce the impact of an attack.

Organizations should take inventory of what security solutions they have and assess whether they are truly the best solutions for their needs. Here are some questions to consider when reassessing these solutions:

  • Does this solution provide the right combination of security functionality and cost of operations?
  • Do I have the visibility I need into all network traffic?
  • Does it integrate well with or support other applications, like Microsoft?
  • Is this helping improve IT staff productivity, or does the solution require more resources?

For instance, migrating off legacy, on-prem appliances to cloud-based solutions, like the iboss SASE Cloud Platform, is a great way to reduce risk related to security breaches, non-compliance, and revenue-impacting security events. It is well-known that legacy solutions were never intended to be used by a dispersed workforce, whereas cloud-based SASE solutions can offer secure connectivity while minimizing hardware and bandwidth requirements.

There is also the risk of leaving your organization vulnerable if legacy appliances aren’t patched regularly. While vendors do provide patches for vulnerabilities, not all organizations and administrators apply them, or apply them immediately, which can lead to breaches if a cybercriminal finds an area of your network to exploit.

It is also important to note that while having a good security posture is key, inevitably someone, somewhere will have a bad day and ransomware will continue to work. Organizations should also have a robust backup and restoration plan that is tested regularly. That system should have multiple iterations of backups that are kept offsite to ensure that things like ransomware will not affect the backup server. Additionally, if your organization becomes a victim of a supply chain attack, this will allow you to roll back to a prior version of software.

A comprehensive recovery process will also include documenting things like how to handle media/PR requests, as well as legal and financial (SEC, for example) ramifications. Being proactive about your network and security strategy can significantly reduce business and operational risk and prepare your organization if it is targeted by an advanced attack.
