Research has revealed that 40% of IT security professionals think paying to retrieve data targeted by ransomware should be made illegal.
The findings come from a survey of 145 security pros who visited AT&T‘s booth at this year’s Black Hat USA in Las Vegas. Despite 60% of respondents saying that they wanted to have the option to pay ransomware without falling foul of the law, only 11% said that they would willingly splash their cash if targeted.
A further 31% of respondents said that they would grudgingly cough up the cash to ransomware creators only as a last resort.
There was no question in the survey designed to ascertain whether ransomware was bad news in general, but if there had been, it’s likely that 100% of respondents would have replied in the affirmative. But despite the widespread and growing use of ransomware by threat actors, nearly a third of survey respondents considered themselves ill-equipped to deal with an attack.
When asked if they felt prepared for a ransomware attack, 31% said they were unsure. That’s not really what you want to hear, especially after Malwarebytes Labs reported a 195% increase in business detection of malware from Q4 2018 to Q1 2019, with attacks up more than 500% compared to the same period the year before.
“It’s clear from this research that organizations are still struggling when it comes to ransomware. Many do not know the best practices when it comes to ransomware, or worse, do not feel confident to handle attacks efficiently,” said Rick Langston, lead product manager at AT&T Cybersecurity.
“Companies not only have to mitigate ransomware by having a solid security program that uses protection tools to close down all possible attack vectors, but also have back-ups that are separate from the network in case the worst happens.”
Incentivizing companies to get their act together when it comes to the increasingly complex world of cybersecurity might be tough. With no security system 100% impregnable, it could be comforting to have the option to simply pay to get data back. However, not everyone will be happy to put a price on their ethical principles and let the bad guys win.
Source: Infosecurity Magazine