Ransomware: cure is better than prevention?

COVID-19 made the number of digital hostage situations peak in 2020. “Our own fault,” wrote Phished-founder Arnout Van de Meulebroucke in October 2020 in an opinion piece on VRTNWS, the Flemish public broadcasting corporation: as companies continue to pay ransoms, hackers continue to target companies that want to pay them. A vicious circle that keeps on spinning.

What is ransomware?

Ransomware is a piece of software that encrypts computers and files so hackers can demand a ransom to decrypt the data. The most famous example of ransomware is WannaCry, dating back to 2017, which made over 200,000 victims.

More and more insurance companies are offering contracts that protect against possible damages caused by digital attacks. Organisations subscribed to such a safety net may breathe a sigh of relief when they fall into the clutches of hackers, but it also has a dangerous side effect: they will spend less time looking for solutions other than payment.

The organisation loses less money, it takes less time to restart and all data remains intact. Risks are reduced, back-ups are not lost… Insurance companies seemed to thrive.

Seemingly, because meanwhile these insurances are becoming more expensive. More people are working from home and are still regularly left to their own devices, without proper guidance from their employer. The right tools are not always made available and training on cybersecurity is not provided. The result is an increase in the number of hacked employees and organisations.

Those who subscribe to such insurance policies naturally get more than just a refund. An assistance team stands by the victim with both advice and procedures to keep the amount payable as low as possible and at the same time limit the downtime of the victimised organisation as much as possible.

However, because the number of companies and people affected by hacks has increased significantly over the past year, insurance companies are gradually taking a different approach. The requirements to be insured are becoming stricter and insurance premiums are becoming more expensive by up to twenty percent.

Almost all organisations today are equipped with modern firewalls and antivirus programmes, but they often lack training and assistance for employees. The employee is the first and last wall of protection against hackers. Why would hackers target systems if – well-meaning yet unsuspecting – people let them in?

If you look at the successful cyberattacks of recent years, you will quickly realise that it are people (and not systems) that allow themselves to be caught by phishing mails. Out of curiosity, impatience and even… helpfulness.

That’s why we need to do more to raise awareness, recognise the dangers and how to deal with them. It sounds harsh, but we have to make our people face the facts more often. If the employer does this, there will be no consequences; if we let criminals take over, the consequences may be dire.

The message is clear: employers, put your employees to the test, try phishing them yourself and provide training. Do it today and save yourself the ransomware problems of tomorrow. Raising awareness is our only remedy for now, because hackers will show no mercy. You can try to cover your business by subscribing to specialised insurance contracts, but that option is rapidly becoming less attractive.

The most cost-effective measure you can take today is to protect yourself by training your employees. To do that, we are here to help. With advice, knowledge and proven trainings.