Few businesses would own up to being the victim of a ransomware attack. It would mean telling customers and clients somebody had breached their security and let malicious software loose that had encrypted their files. And that the only way to get them back would be to hand over the amount demanded by the perpetrators.
Of course, many are reading this thinking it would never happen to them. Ransomware attacks are for the big guys, the ones with money, the ones who grab attention. And, after all, their security is up to scratch. Isn’t it? That kind of overconfident thinking could spell trouble though, especially when teamed with businesses’ constant drive for innovation to stay ahead of the competition.
Speaking to the Secure Computing Forum yesterday about striking the delicate balance between innovation and security, security expert Simon Moor pointed out that things are a lot more complex these days.
“Organisations want to take advantage of cloud services or mobility. They want to expand the supply chain,” said Checkpoint’s head of the UK and Ireland.
All of those are normal business decisions that people have to make, but all of them encompass an element of risk. And prevention is better than cure. The current strategy involves reacting to attacks, but Moor pointed out it often means somebody, somewhere, has to fall victim to malware before it is recognised. Having effective strategies in place to try to minimise the chances of such attacks hitting a company is better than trying to repair the damage afterwards.
It may also be time to start changing how we look at attacks on companies. Although companies have certain responsibilities towards their customers and protecting their data, those who do fall victim to attacks shouldn’t be ostracised.
Moor likens it to a burglary: you wouldn’t blame a homeowner for being a victim of crime and perhaps it’s time to start looking at malware and other attacks in a similar way. As previous campaigns have reminded us, it’s good to talk, and if companies are staying silent amid fears that they will alienate customers and damage their reputation it helps no one.
After all, he warned, it’s inevitable that many of us will be hit by malware at some stage. Education, he says, is critical.