Is it cheaper to pay ransoms and suffer reputational/legal losses, or to install accessible disaster recovery and data backup systems?

In a recent study on ransomware trends, 76% of respondents had paid the demanded ransom to end an attack and recover data, yet only 52% of those who paid were able to recover the lost data, while 24% were still unable to recover it even after paying. Furthermore, 19% of respondents had been able to recover their own data without paying any ransom.

In India, the fintech sector is well protected since it falls under the cybersecurity framework of the RBI (Reserve Bank of India). However, the country’s healthcare sector is not regulated by a comparable cybersecurity authority: there is less concern for data protection, which is why the sector is attacked so often, according to Anuj Agarwal, Chairman, Centre for Research on Cyber Crime and Cyber Law.

Agarwal noted: “So there are two categories of companies: one has got proper security mechanisms and adequate endpoint tools in place; the other has got no investments in cybersecurity, so this category thinks it has no choice but to pay ransoms.”

Ransomware operators cannot be trusted

According to Danny Allan, CTO, Veeam, the firm that commissioned the study mentioned above: “Paying cybercriminals to restore data is not a data protection strategy. There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity.”

This advice raises the question of how firms can make paying a ransom unnecessary by practising modern data protection strategies strong enough to prevent, intercept and remediate attacks.

Allan reiterated: “One of the hallmarks of a strong modern data protection strategy is a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent an attack.”

Two trends helping to make paying ransoms less of an option are, according to Dr Harold D’Costa, President, Cyber Security Corporation, cyber insurance and the accessibility of various disaster recovery platforms and efficient data backup tools. “Having said that, prevention requires diligence from both IT and users. In most cases, cyber villains gain access to production environments when users unknowingly click on malicious links, visit insecure websites or engage with phishing emails. After successfully getting inside the perimeter, intruders leave no stone unturned to exploit any unpatched or outdated software that they can find, and take advantage of known vulnerabilities, including common operating systems and hypervisors.”

Backup immutability and air gapping

Cybercriminals know that sound backup practices can help victims avoid paying. They therefore attempt to destroy any backup repositories they can find, typically right before deploying the encryption payload. The counter is that best-in-class backup practices always keep at least one air-gapped, offline copy of the repository disconnected from the network. Additionally, even copies that stay online should be encrypted and immutable, and immutability only helps if it is enforced below the backup software (storage-level write-once or object-lock retention, or physically offline media), so that an intruder who obtains the backup administrator's credentials still cannot shorten retention or delete the objects. Such a diversification strategy for backup repositories is key to keeping precious data out of cybercriminals' reach.
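To make the immutability and integrity points concrete, here is an added example that is not part of the original article and not any vendor's product code: a small, hypothetical write-once backup repository in Python. Objects are named by the SHA-256 of their content, files are created with O_EXCL and no delete operation exists, and every manifest carries an HMAC under a key that is assumed to be held off the backup host (for instance in a KMS). The constructed scenario in `demo()` writes a clean backup, shows that the repository's own API cannot overwrite an earlier object, then has an intruder with root rewrite a stored object in place and checks that the tampering is caught before restore. The class and function names (`WormRepository`, `demo`) are illustrative.

```python
import hashlib
import hmac
import json
import os
import tempfile


class BackupIntegrityError(Exception):
    """Raised when a backup fails verification and must not be restored."""


class WormRepository:
    """Hypothetical write-once, read-many object store for illustration.

    Objects are addressed by SHA-256 of their content, so changed data becomes
    a new object rather than replacing an old one; there is no delete method;
    manifests are sealed with an HMAC whose key is assumed to live off-host.
    """

    def __init__(self, root, manifest_key):
        self.root = root
        self.key = manifest_key  # assumption: fetched from a KMS, never stored here
        for sub in ("objects", "manifests"):
            os.makedirs(os.path.join(root, sub), exist_ok=True)

    def object_path(self, digest):
        return os.path.join(self.root, "objects", digest)

    def _write_once(self, path, data):
        # O_EXCL makes creation fail if the path already exists, and the file is
        # created read-only so an unprivileged process cannot rewrite it later.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o444)
        with os.fdopen(fd, "wb") as f:
            f.write(data)

    def put_object(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if not os.path.exists(self.object_path(digest)):  # same content: no-op
            self._write_once(self.object_path(digest), data)
        return digest

    def write_backup(self, backup_id, files):
        """Store every file as an object, then seal the name->digest manifest."""
        entries = {name: self.put_object(data) for name, data in files.items()}
        body = json.dumps(entries, sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        record = json.dumps({"entries": entries, "hmac": tag}, sort_keys=True)
        self._write_once(os.path.join(self.root, "manifests", backup_id), record.encode())
        return backup_id

    def _load_manifest(self, backup_id):
        with open(os.path.join(self.root, "manifests", backup_id), "rb") as f:
            return json.loads(f.read())

    def verify_backup(self, backup_id):
        """Return a list of problems; an empty list means the backup is intact."""
        record = self._load_manifest(backup_id)
        problems = []
        body = json.dumps(record["entries"], sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, record["hmac"]):
            problems.append("manifest HMAC mismatch: manifest edited or wrong key")
        for name, digest in record["entries"].items():
            path = self.object_path(digest)
            if not os.path.exists(path):
                problems.append(f"{name}: object {digest[:12]} missing")
                continue
            with open(path, "rb") as f:
                if hashlib.sha256(f.read()).hexdigest() != digest:
                    problems.append(f"{name}: object {digest[:12]} content altered")
        return problems

    def restore_backup(self, backup_id):
        problems = self.verify_backup(backup_id)
        if problems:
            raise BackupIntegrityError("; ".join(problems))
        restored = {}
        for name, digest in self._load_manifest(backup_id)["entries"].items():
            with open(self.object_path(digest), "rb") as f:
                restored[name] = f.read()
        return restored


def demo():
    """Constructed scenario: clean backup, API-level overwrite attempt, then an
    intruder with root 'encrypting' a stored object behind the repository."""
    repo = WormRepository(tempfile.mkdtemp(prefix="worm-"), b"kms-held-key")
    files = {"ledger.db": b"account,balance\nacme,100\n", "notes.txt": b"hello"}
    repo.write_backup("2024-01-01T00:00Z", files)
    clean = repo.verify_backup("2024-01-01T00:00Z")
    restored_ok = repo.restore_backup("2024-01-01T00:00Z") == files

    # Through the API, "changing" ledger.db only yields a second object.
    original = hashlib.sha256(files["ledger.db"]).hexdigest()
    new_digest = repo.put_object(b"account,balance\nacme,0\n")
    api_overwrote = new_digest == original or not os.path.exists(repo.object_path(original))

    # Ransomware with root ignores the API and rewrites the file in place.
    os.chmod(repo.object_path(original), 0o644)
    with open(repo.object_path(original), "wb") as f:
        f.write(b"\x00ENCRYPTED\x00")
    tampered = repo.verify_backup("2024-01-01T00:00Z")
    try:
        repo.restore_backup("2024-01-01T00:00Z")
        restore_blocked = False
    except BackupIntegrityError:
        restore_blocked = True
    return {"clean": clean, "restored_ok": restored_ok, "api_overwrote": api_overwrote,
            "tampered": tampered, "restore_blocked": restore_blocked}


if __name__ == "__main__":
    print(demo())
```

The point of the last step is the one the article makes: software-level immutability and hashing let you detect that a backup was destroyed, but they do not stop an attacker who already has root on the backup host from destroying it. Prevention needs the immutability enforced below the backup software (object-lock retention the backup credentials cannot shorten) or a copy that is physically offline.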