Ransomware is growing at an annual rate of 350%, according to the Cisco 2017 Cybersecurity Report, with global ransomware costs predicted to reach $5bn this year, up from $325m in 2015 – a 15X increase. Dr Sandra Bell, our head of resilience consulting (Europe), has written a thought-provoking white paper on this growing problem.
In the paper, she sets out the four crucial facts every CEO should know about ransomware, which you may find helpful in countering this threat. For instance, it's vital to recognize that unlike other forms of cyberattack, ransomware targets your people – not your IT system, which is merely the delivery mechanism for the ransom note. A ransomware demand will only work if your people crumble under the pressure of psychological manipulation and pay a ransom.
Sandra Bell explains, "Locking down the IT system and the data it contains will reduce the likelihood of it being held prisoner but as no security is 100% effective, it's important to pay attention to protecting the target – your employees." She points out that, in any event, "a ransom note only has to convince the target that something has been taken prisoner, rather than actually take it prisoner, for them to act."
Secondly, for a ransomware demand to work, what is being held to ransom must be valuable to you. When you think about it clearly and logically – not always easy to do in the immediate panic created by a ransomware demand – it should not be possible to hold data to ransom by withholding access to it. Data, unlike a person, is easily copied or cloned, and therefore, if you always have a copy (or the ability to create a copy), there is no point in paying a ransom to have the original released. Equally, most of us are able to access our data through multiple devices, which means that simply blocking one access route should not prove catastrophic.
The paper goes on to explain that individuals working in isolated work environments are more susceptible to psychological pressure and this risk can be reduced by fostering a supportive corporate culture that reduces the feeling of real or perceived isolation.
Finally, while it is essential to have a solid backup strategy and effective business continuity and disaster recovery arrangements in place, this is not enough. Your response is likely to be unsuccessful unless you also have the crisis leadership skills and knowledge to be able to adapt your response in real-time and lead the organization through the complex, uncertain and unstable environment created by a large-scale ransomware attack.
Organizations that are most successful at managing the ransomware risk have recognized that much can be done to safeguard their people from becoming targets, and have taken a proactive stance at the top level to prevent their organization from becoming yet another ransomware victim.