The three constraints on Influence Operations - Digital Threat Digest
![Double circle designs part4](https://pgi.imgix.net/assets/uploads/images/Blog-posts/Double-circle-designs-part4.png?auto=compress%2Cformat&fit=crop&fm=webp&h=349&ixlib=php-3.1.0&upscale&w=349&tone=light)
Not a month goes by that we don’t see that another organisation has suffered a ransomware attack. In fact, in the last month we’ve even seen global car manufacturer Honda become a victim, along with several lesser-publicised organisations, including the city of Florence, Alabama in the US.
A recent global study done by Veritas Technologies found that 40% of consumers hold business leaders personally responsible for ransomware attacks. Why? Ransomware attacks (and, in turn, cyber security) are being covered more and more by mainstream media and there have been so many high-profile attacks, it’s hard to ignore. Just look at Travelex over the 2019/2020 new year period. This type of coverage may be one reason why consumers are apparently becoming less forgiving of businesses who do not take the risk seriously.
The Veritas Technology survey found—leaving aside a minority (9%) of the 12,000 respondents who would want to send the CEO to jail—65% would want compensation and 44% indicated that they would stop buying from a company that had been the victim of such a crime.
So, what should companies do in the wake of a ransom demand? The opinion from most cyber security experts and law enforcement agencies is that paying up:
Despite this, it appears that many victims decide there is less of a financial burden by paying their attackers to retrieve data, rather than attempting to recover. The 2020 Hiscox Cyber Readiness Report found that of the total respondents that had experienced a ransomware attack, 16% paid a ransom—with combined losses adding up to $381 million. Luckily, the rest of the organisations had backups that meant they could rebuild without resorting to paying a ransom.
Meanwhile, the Veritas Technologies study found that 71% of the respondents wanted companies to make a stand and refuse to pay a ransom. That position changed however when their own personal data was at risk—55% then wished their suppliers to actually pay.
It’s not just commercial organisations, like Honda and Travelex, who face this tough decision in the event of a ransomware attack. In the US in particular, a number of cities and municipalities have been targeted in recent months and, although a resolution was passed by the United States Conference of Mayors (USCM) just last year which agreed to ‘stand united against paying ransoms in the event of an IT security breach’, the number of ransom payments being made suggests that many cities are choosing to ignore it. The Hiscox Report showed that of US organisations that fell victim to a ransomware attack, 18% paid their attackers (higher than the global average). Just last week, the city of Florence in northern Alabama agreed to pay US $300,000 worth of Bitcoin to hackers who had compromised and encrypted its computer systems.
The most effective way for organisations and senior leaders to avoid this dilemma altogether is prevention. This is not new advice and you’ll likely have heard all of this before; but there’s a reason for that. It works.
Our team of information and cyber experts provide a range of training, information security and technical security services to help you manage the risk of ransomware.
Contact us to talk about how we can help.
As I waited for my flight to be rescheduled during last week’s IT outage, I listened to fellow passengers wonder aloud how a company whose name has never hit their radar could have such an impact on such a spectrum of day-to-day matters.
If you don’t know who Nara Smith is, I’m sorry to say you may just be living under a rock. Nara Smith has simply taken over my Instagram and TikTok feed with her ‘what I cooked for my husband today’, ‘what my toddlers ate today’ or my favourite video format, ‘my husband was craving [insert insane request] so I made it from scratch’.
Explaining how digital incidents severely impact the real world can be difficult, but we are increasingly seeing cyber incidents that illustrate how malicious actors can impact our daily lives.