Intelligent CIO LATAM Issue 12 | Page 38

this. The vast majority of cyber incidents are avoidable and the result of organizations failing to follow best practice, poor digital hygiene, and/or outdated or unpatched software.

However, is there any other type of crime that focuses almost exclusively on blaming the victim and so little on bringing the criminals to justice? Businesses are viewed as the guilty party rather than victims and it is accepted that the criminals are unpunishable due to the lack of an agreed global legal framework and justice system.
If a criminal from another country travels to the USA, for example, and commits a crime against a business on American soil, there is an entire diplomatic process to ensure this person is brought to justice and the victim is compensated. This simply isn’t the case when it comes to ransomware.
International and intercontinental co-operation is the only way to create an environment where the risks are higher than the rewards for cyberattackers. The scourge of ransomware accelerated during the pandemic, increasing the appetite of government and business leaders to break the geopolitical impasse that has enabled cybercriminals to run riot. But it won’t be easy, and a workable holistic solution is still years away.
Learn self-defense
In the absence of a justice system that completely protects us from the bad guys, basic human survival instinct demands that we learn to defend ourselves. In the context of cybersecurity, that means focusing on a few fundamentals.
Firstly, every enterprise needs a dedicated IT security lead in place with access to business leadership and the authority to lead the security initiative. For smaller businesses, you absolutely need to have a resource with designated responsibility for cybersecurity and specializing in data protection.
Secondly, businesses need to practice impeccable digital hygiene. This includes mandatory training for all employees so that they recognize potential attacks, understand who to report them to, and understand why this is important. The more people buy in to the need for good digital hygiene, the more alert and willing to take the blinkers off they become.
Finally, never ever pay the ransom. Organizations who pay ransoms feed the ‘easy pay day’ perception that means cybercriminals keep doing it. As soon as businesses stop paying ransoms, we’ll see a reduction in the popularity of ransomware as an extortion technique.
Cyberbreaches are a source of lasting reputational damage to businesses.
While businesses who suffer cyberattacks are indeed victims, they are responsible for protecting any data that they use, process and store. Paying off cybercriminals to get systems back online is an unsustainable defense strategy. As governments become more active in seeking to prevent the spread of ransomware, we may see businesses who do so investigated and reprimanded by independent regulators.
Clearly, dealing with the relentless and mass scale of cybercriminal activity against businesses and individuals will be an international effort across both the public and private sector.
While it is important that cybercrime is properly ‘criminalized’ and that the perpetrators are brought to justice, businesses must understand the responsibility they have to their customers and employees to protect any data within their jurisdiction.
This can only be done by implementing a Modern Data Protection strategy that combines effective front-line cybersecurity defenses with a comprehensive approach to data backup and Disaster Recovery.