UK CISOs are cowing to ransomware demands more than you think: here's why they shouldn't pay up | ITPro

Organizations that pay ransomware demands are perpetuating a multibillion-dollar industry and fueling future attacks.

One-third of UK-based CISOs have confessed to paying ransomware groups millions of dollars in recent years in a bid to alleviate the impact of an attack, according to new research.

Analysis from security firm Trellix found four-in-ten UK CISOs have managed a ransomware attack in the last five years, and in every single case their organization opted to pay.

Trellix found that one-third of CISOs paid between $5 million and $15 million for a ransom demand, while 13% paid between $10 and $15 million.

The minimum ransom paid by all UK businesses across a five-year period stood at around $250,000, the study found.

Trellix said its research underlines the stark realities of ransomware attacks and the impact they have on organizations across a host of industries globally. Faced with the monumental task of remediation and regaining access to data, many simply opt to pay up.

"The impact of a ransomware attack is stark," said Fabien Rech, general manager and SVP EMEA at Trellix.

"Businesses are not only at risk of losing sensitive data, but there are also significant financial implications associated with paying the ransom. Our research is a sobering reminder of the vast scale of the issue, with all UK CISOs confessing that their businesses paid the demand to protect their data."

The research found that well-established cyber criminal groups such as AlphV/Blackcat and LockBit are continuing to target businesses of all sizes.

Sophisticated state-backed adversaries are also ramping up campaigns, the study found. More than 668,000 ransomware attacks were recorded in Q3 2023 alone.

"It's crucial for UK businesses to bolster their defenses and invest in the right technology if they are to successfully defend against ransomware attacks," Rech said.

"By implementing a security architecture that can readily adapt to emerging threats, organizations can better mitigate against attacks and protect their data and their bottom line."

Ransomware payments have become a contentious issue of late. Last year, the US-led Counter Ransomware Initiative (CRI) agreed to never pay ransoms to hackers in a bid to tackle global cyber crime.

Over 40 countries have pledged their support for the CRI, which aims to stem the flow of funding to sophisticated ransomware gangs.

But the question of whether or not to pay has sparked controversy in the security industry of late amid calls for companies to be sanctioned for paying up.

Last week, Emsisoft called for a blanket ban on ransomware payments, suggesting that this tactic represents the only realistic approach to completely stamping out ransomware gang activities.

"The only solution is to financially disincentivize attacks by completely prohibiting the payment of demands. At this point, a ban is the only approach that is likely to work," said Brett Callow, threat analyst at Emsisoft.

The call to action from Emsisoft prompted a backlash from some industry stakeholders, who warned that government-imposed bans on complying with demands risk criminalizing victims and could result in a reluctance among firms to disclose breaches.

Speaking to ITPro at the time, Dominic Trott, director of strategy and alliances at Orange Cyberdefense, said a proposed ban would shift the focus of criminality from perpetrators to victims.

"Criminalizing ransom payments could shift the focus of criminality from the perpetrator to the victim and set off a chain of unintended consequences, such as a reluctance to report breaches," he said.

Proposals to implement a blanket ban on ransom payments were rejected in the US last year, although calls are now being made to reconsider the approach.

Trellix CEO Bryan Palma said the question of whether to meet demands is often a difficult decision for a business to make. As such, it's the responsibility of the cyber security industry to create a safer environment for firms to operate in.

"Balancing what to do can be challenging. It is an organization's decision, with laws and regulations to consider, and not one to make lightly. Policy leaders recognize the risks," he said.

"As an industry, we need to pursue a holistic approach to combat this issue. One focused on comprehensive cyber security resiliency, public-private collaboration, and threat information sharing. The result is safeguarding both corporate and national security interests."

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.