How Should Corporate Leaders Deal With Ransomware

2017 was the year of ransomware, most especially WannaCry, which single-handedly earned its authors an estimated $4 billion in ransom payment. Though the hype of the ransomware infection globally has subsided, corporate workstations and individual PC owners continue to get infected. Infection comes at the day and age where the market for cloud-storage services is already saturated. Big names such as Microsoft, Google, Apple, Amazon, and other players are in this space, reliable online backups that can easily reverse the damage that ransomware caused.

Solutions, especially preventive solutions even if available, many of them even free to use are not taken advantage of. As the implementation of a reliable backup system is not being implemented by many, they are very open for exploitation of ransomware. This big installation of critical systems with zero back-ups are more frequent with non-IT industries, such as the healthcare sector and the financial-market sector.

No operating system vendor can fight back against ransomware on their own. It requires strong support from the community of users and organizations, especially the change of mindset. One such change that needs to happen is the willingness to accept automatic updates as it becomes available. Yes, many professionals don’t like automatic updates, especially with bug-infested updates with recent 1809 Windows 10 release. However, the bottom line, it is convenience versus security. Automatic updates are inconvenient in nature; it negatively affects user productivity, as time used for updating a computer is time not used to do anything productive.

However, these updates are vital in order to close loopholes and vulnerabilities with software people use in their day-to-day tasks. One wrong move, such as executing a malicious email attachment is enough to create panic in a corporate computing environment, spreading the infection through unpatched vulnerabilities and tomorrow the company’s very existence in the market can be wiped out. The very lifeblood of any business — consumer confidence is decimated, unable to recover no matter how good the PR machine is.

Always remember:

1. Cybersecurity awareness from top-to-bottom and not the reverse. The board-of-directors and the top management team of organizations should make themselves aware of the risks; a controversial cybersecurity issue will hurt the company more than a year-on-year decline in profit.
2. Don’t blame the rank and file when it comes to the issue of security breaches, virus infection and botnet membership with the corporate network. It is the responsibility of all to help secure the entire system, yes including the top management and the board. One weakness that can escalate a potential issue is if the top management cut corners when it comes to cybersecurity spending.
3. Make encryption standard in the whole organization. This will also help lessen the risk of losing data in the event that the hardware is lost. How many times people lost their laptops in airports around the globe in a month. That information alone opens everyone’s eyes to the importance of implementing encryption for the whole organization, especially the mobile users.
4. Spend time and money with penetration testing. Penetration testing can be done internally with a very competent IT team or externally by hiring an ethical hacking group to do it instead. It is an “investment” and not a “cost” when it comes to penetration testing.