Being on guard can be exhausting in any situation. Learning behaviors that can offset the risk of danger can help, but it isn’t always a failsafe solution. Such is the case with ransomware. You need to know the signs to look for when it comes to dangerous links in phishing emails, attachments that seem like they could be legitimate, or scams that direct you to a fraudulent webpage so that you can avoid potential catastrophe. This can be done via ongoing training programs and keep you constantly learning new approaches and tactics as they change (which is constantly!)
One of the problems that we don’t tend to focus on with ransomware is that it isn’t a one-and-done scenario. If you get foiled by a criminal and are forced to pay a ransom for access to your data, there’s no guarantee that:
- they will release your network or data from their hold
- they haven’t already exfiltrated your data before encrypting it
- it won’t happen again
Trusting a criminal is like gambling. The odds are never entirely in your favor; despite what you may want to believe, you are taking a chance.
So, if we are part of an attack, is it wise to pay the ransom? The White House’s National Security Council strongly advises against it, stating, “the administration has been evident: Private companies should not pay the ransom. It encourages and enriches these malicious actors, continues the cycle of these attacks, and there is no guarantee companies get their data back.”
Ireland’s Health Service Executive (HSE) recently took the approach of not negotiating with cybercriminals and making the ransom payment, a decision that many praised. The outcome was that the hackers handed over the decryption key, but they published stolen patient data.
So, what can we do in the fight against cybercrime?
We must give it our best effort to stay one step ahead and lean the odds in our favor. Don’t take a chance by being unprepared. Strengthen your cybersecurity posture as best you can so that you have more than lady luck on your side when it comes to fighting off the risk of a data breach and an attack on your business.
Pendello Solutions has the proper training programs to help strengthen your security posture. Prior preparation is the most robust defense to avoid falling victim to a ransomware attack. Contact your Pendello Solutions team today to learn more about ongoing cybersecurity and compliance training.