Paying hackers has become a trend. If you’ve been following the security news recently, you’ve probably noticed the insane amounts of money being paid by businesses held to ransom by hackers. Many large enterprises and businesses have had to choose between company reputation and a ransom payment for damage control. It’s no surprise that a result of non-payment would be far worse than trying to fix the issue yourself.
Uber has been at the center of this story for quite some time. With over 57 million accounts held to ransom, $100,000 didn’t seem too huge a sum to pay. Although we encourage businesses to hold back from paying these cyber thieves, businesses are left with no option but to give in to these demands.
We also noticed a trend of ransoms being demanded in bitcoin. In the recent Equifax hack, hackers demanded $2.6 million in bitcoin in a direct threat to 143 million accounts. Even Hollywood joined in by submitting to demands for millions in bitcoin for stolen files. The Sacramento regional transit system also took a huge hit from hackers demanding a ransom of a single bitcoin.
The list just goes on and on. We understand why businesses choose the route of payment to get rid of one group of hackers, but they are like cockroaches: kill one, and more land up on your doorstep. You need to be fully aware that paying makes you a much softer target in the eyes of other hackers, and you can be assured they will all come for you.
An IBM study in 2016 revealed that 70% of the businesses hit by ransomware paid the thieves. So really, paying these criminals is nothing new. It’s a longstanding war that has to be stopped at some point.
There are a lot of people out there giving advice on how you can do some damage control, but here are a few tips that you can incorporate well before you get hit and that cost a whole lot less:
#1. Get your application tested periodically: I see a lot of people advising businesses on how to recover from the damage hackers cause, but not a lot of them are talking about prevention. Prevention is something that has been preached since time immemorial, be it in regard to health, insurance, property and, now more than ever, your online business. There are some great security testing businesses out there who’ll put your application through a series of tests to ensure that penetration is harder than fitting a camel through the eye of a needle.
#2. Use Automation: One of the primary excuses I hear businesses give is the added effort that goes into security. Yes, I know security is an effort and it takes up a lot of your resources’ time. But it’s worth every bit of your precious time! However, if you are still cribbing about the worth, there are great automated tools that can monitor your basic security every single day, let alone on a periodic basis. It’s so much cheaper and less stressful than having to deal with a situation such as the one Uber and the other businesses mentioned above faced.
#3. Run a public bug bounty program: Remember that hackers could be anyone. They could be you or me. They may be as young as 12 or 13, sitting down in their basement making an absolute fool of a million-dollar business such as yours or mine. There is more dignity in running a public bug bounty program and getting hacked by the same hackers who would probably otherwise hack you for a much higher ransom.
#4. Devise a QRF Plan: Just like in the military, QRF stands for Quick Reaction Force. The military trains its QRF for emergency situations so that it can react to a situation in the quickest possible time. Why can’t there be a plan for some sort of QRF for these situations in the cyber world? After all, it is predicted that World War 4 would be total cyber warfare. The more solid and well trained your QRF is, the better your chances of neutralizing threats right as they occur.
#5. Buy time, Neutralize threats: If ever a threat comes your way and there is a heavy price tag on it, you can be comforted by the fact that not a lot is going to be done if you do not pay the ransom. The ball is always in your court unless you’ve given in to the demands of the hackers. The motive is always money. Use this time to quickly buy yourself some more time in order to get a super experienced cybersecurity expert to neutralize your threats. This is very possible, and Appknox can testify to it after we successfully helped save the reputation of three large enterprises faced with similar threats.
So there you have it. Five simple but very effective steps that you can incorporate and not pay those ridiculously obnoxious amounts of ransom to hackers again. Let us know if this is something that concerns you and your business. We’d be happy to talk and help you set up a crisis strategy to avoid unforeseen incidents that could dent your business’s reputation.