As an IT professional, you are the leading edge of your organization’s defense against all things cyber. You’ve got John Wayne’s swagger, Liam Neeson’s focus, Harrison Ford’s nimbleness, Harvey Keitel’s calm sense of urgency, and Samuel L. Jackson’s patent inability to suffer fools. Say what again. I dare you. I double dare you.
In your role as leading man or woman in the daily drama of threat and response, the idea that you would pay the hackers who are holding your data for ransom seems absurd. Your first inclination would be to storm the compound and lay waste to all vestiges of cyber crime, retrieving your data in its uncorrupted state before riding into the sunset like the hero that you are.
The Wall Street Journal, though, tells a tale of FBI reality in a recent article on ransomware. The debate revolves around the complexity of ransomware — also known as CryptoLocker or CryptoWall — and the near impossibility of recovering data that has not been backed up. The ransom usually ranges from $200 to $10,000, but the reality is that it’s often cheaper to pay the ransom than to remedy the situation through other means. The hackers exploit this dilemma, pegging the ransom figure to the market cost of recovering data.
The Best Defense is a Good Offense
The best strategy, of course, is to make every effort to avoid the breach in the first place, and ICS can be your offensive coordinator, calling plays and putting in key team members to perform pen testing and vulnerability assessments.
So do what other winning teams are doing this season: Put ICS in, Coach!