4
Ransomware: To Pay or Not to Pay (www.helpnetsecurity.com)
you are viewing a single comment's thread
view the rest of the comments
[-] Sparkega@lemmy.world 2 points 1 year ago

I agree with the author's solution to organizations of protection and resilience and that paying ultimately hurts everyone. If everyone refused to pay, we may see these types of attacks diminish.

The challenge to cyber security professionals will always be the convincing senior leadership to understand why not paying is better in the long run.

Having that conversation in the moment is too late. There needs to be a cyber attack response plan communicated and approved before disaster strikes.

Even so, there will always be the friction of cost. Senior leaders will weigh the cost of paying to the cost of downtime/repair and the social stigma if your company provides a service to customers. If your original argument isn't strong enough, cost will win.

One more point is paying is also a systemic issue. Cyber insurance is becoming popular for business. What we have seen with some insurers, their solution for ransomware is coverage to pay the ransom, perpetuating the problem.

Good point about the cyber-insurance aspect of things perpetuating the problem.

I don't have hard data but I believe this will be a thing of the past soon enough. With ransomware being so common an issue now & the requirements to obtain said insurance getting harder to meet, I could see that not being a viable or cost-effective solution to restoring service.

[-] Sparkega@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I hope you're right that it does phase out. Here is evidence that having cyber insurance makes you more of a target.

DS: Do your operators target organizations that have cyber insurance?

UNK: Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.

Interview

That is an excellent interview ... Thanks for sharing.

That certainly adds to the whole problem with payouts.

this post was submitted on 17 Aug 2023
4 points (83.3% liked)

Cybersecurity News

1326 readers
1 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS