Capitals need to be removed from cyber attacks

Credit: Adobe Stock

It seems a bit tough to question whether companies that have recently been victims of armed robbery also suffered “reputation risk” as a result of the incident.

Still, if a company or public entity is hit by a cyberattack, this is often one of the first considerations for the organization in question, and a spectator in the media and broader tech sectors.

The generally accepted wisdom that suffering from a cyberattack undermines public perception can bring about a culture of secrecy and shame. The first instinct for many organizations is to downplay any breach, or better yet, to hide it from the public eye.

Studies show that more than half of companies hit by ransomware attacks pay attackers. Many do so without the incident coming to light. In most cases, payments can be thousands of pounds, or at most tens of thousands of pounds.

But last year alone, there were three cases where ransoms of more than $ 4 million were paid in the light of cyberattacks.

Relevant content

The largest of these, $ 4.5 million (£ 3.2 million), was paid by travel specialist CWT Global last summer. This was followed by a $ 4.4 million ransom payment in 2021 by both the US Colonial Pipeline oil company and the German chemical distributor Brentag.

When asked, the majority of corporate and public sector costumes claim to never pay a ransom. In most cases this seems to be an inaccurate prediction.

Perhaps, to be a little more honest about how often organizations (all organizations) suffer from cyberattacks and the severity of the consequences, the stigma could be removed a bit. And, along with it, fear of what is seen as an inevitable loss of reputation.

A more open culture, including details of the attack and willingness to share exploited vulnerabilities, will not only help remove the shame and secrets associated with current cyber incidents, but will also bring the perpetrators to justice and prevent future attacks. It is also useful for.

Returning to the analogy at the beginning of this work, if a criminal organization commits a series of armed robbery, authorities will try to publish as much information as possible regarding the details of the case and the perpetrator’s tactics. This work will undoubtedly be gladly helped by the victims. Most often this is from both the desire to see the criminals brought to justice and perhaps the desire to recoup some of their losses, but from the suffering they had with other companies. It is also from an altruistic desire rather than a desire to save.

But in the cyber world, the stigma of suffering from intrusion means that organizations are very pleased to escape the profits that attackers didn’t get if the incident meant receiving minimal publicity. Means. all. This means that important intelligence about the exploited attacker’s methods and vulnerabilities (information that could prevent or at least mitigate future incidents) is lost.

The amount and sophistication of recent attacks inevitably suffers from occasional infringement. But at the same time, a slight change or enhancement of defense, or constant awareness and diligence of the staff, could have prevented almost all successful attacks.

A more open culture, ideally as close to real-time as possible, where organizations share information about attacks and attackers, not only helps mitigate the stigma of suffering from cyber breaches, but decisively, Future assaults that could seriously prevent attempts to launch similar attacks.

It is not shameful to suffer from a cyber attack. But it’s a shame that so many people are being washed under the carpet. This means that so many people are allowed to follow.

This article works with Akamai to form part of Public Technology Cyber ​​Week. Throughout this week, the site provides insights into the major security issues facing the public sector and across the country, how these challenges are resolved, and how governments and regulators can support them. We provide various contents to introduce. this. We will also hold an exclusive webinar discussion to discuss the challenges NHS Digital has faced over the last 18 months, ensuring service resilience in the face of unprecedented demand. All Cyber ​​Week content can be accessed here.

Source link

Sign up for our daily Cyber Security Analysis and Threat Intelligence news.