Ransomware is the scourge of our times. No one, it seems, is safe and the number of companies who pay up is, officially, high – and probably a lot higher.
According to Sophos, the security company, the average ransomware recovery cost was $1.85 million in the last year.
That figure highlights that ransomware is a real business problem.
The good news (sort of) is that that level of pay-out will get the attention of every CEO in the world. Or at least should do.
Hopefully, attitudes are changing. A year ago, there was a familiar business way of addressing cybersecurity issues: increase investment in your sales teams and the increase in revenue will more than cover the cost of ransomware attacks. So that’s OK then.
The other problem with ransomware is that, like all cybersecurity breaches, companies will cover up the breach if they can, rather than report it.
Even apparently breach-proof companies such as Apple are at it. A frustrated security researcher went public with news of four iOS vulnerabilities after he had reported them to Apple, who had not acknowledged them (but quietly fixed one). It was, according to Apple, a flaw in the process and not something that they do.
According to Apple.
Ransomware is now such a big problem that things are beginning to happen, heads are being pulled out of the sand and rules are being introduced to force companies to act.
In the US, Senators are lobbying to introduce a law that will require companies to disclose ransomware attacks, as well as the amount that was demanded for the return of the data.
While this is a) in the US and b) likely to take a long time to emerge as a law, it is at least a start.
Too often, when you talk to company bosses, they will wax lyrical about their new and exciting plans and ideas. Too often when you ask whether their systems are bullet-proof, they say ‘of course’ and go back to their visions for the future.
The reality is that, with a third of companies being hit, the vision of the future may never see the light of day, as the vital data will be shared with competitors and customers.
We need new energy as well as new laws; otherwise, ransomware is set to be a thorn in the side of industry for the foreseeable future.