It’s everywhere, popping up all over the place, seemingly out of control.
Ransomware is a particularly nasty form of cyber attack where an employee (or maybe even you!) is duped into clicking on a fake popup advertisement or visiting an infected website…
…And that’s when all hell breaks loose:
The bad guys hold your computer, your data and basically your company hostage, and demand payment to release your files.
Companies are usually at their wits’ end by the time they realise there is not much hope, and often pay up in the hope that they’ll get back to business as usual as quickly as possible.
But paying a ransom means negotiating with criminals who could extort more money from you and still not release your information.
The US Assistant Attorney General for National Security, John Carlin, recently criticised companies for caving in to ransomware demands. “As long as people are handling ransomware attacks on their own and making payments, we’re funding the development of more of these tools and more of these actors,” he said, adding that better communication between law enforcement agencies and companies could help prevent ransomware attacks.
Lack of confidence in law enforcement agencies
In response to this, SANS Institute contributor Dr Johannes Ullrich said that companies generally do not have confidence that law enforcement agencies can assist them fast enough. “People pay for ransomware for the same reason that they pay ransom in kidnappings: They don’t believe law enforcement is efficient in countering the threat fast enough. In order for law enforcement to become relevant to ransomware victims, law enforcement would need to take an active role in helping victims restore operations.”
Ransomware attacks can be beaten
Taking simple precautions to protect your information and maintaining vigilance are the best ways to avoid becoming a victim of ransomware attacks.
There are some simple lessons to be learnt from this. The most important is to be aware of your cyber risks and then take the appropriate actions to reduce them.
The risk assessment is a foundational activity for any company looking to improve its security and risk posture.
Reputable risk assessment software presents an effective way for companies to conduct a productive risk assessment.
- A library of typical ‘at-risk’ information assets.
- A set of threats and vulnerabilities, assigned to each asset group.
- A full set of mitigating controls, taken from ISO 27001:2013 and applied to each set of risks.
- A comprehensive suite of customisable policies and procedures, applied to each risk that can be used as evidence of controls implemented.
- vsRisk Multi-user allows up to 10 risk assessors to participate in the risk assessment simultaneously across the organisation.