Austen Clark, managing director of Scottish IT specialists Clark Integrated Technologies, tells Finance Monthly that a ransomware demand can be commercial suicide for a business: it has the potential to ruin the company's reputation and send share prices plummeting, and the business may struggle to recover from the damage done.
Austen’s advice is simple – prevention is better than cure.
“Should companies pay cyber ransoms? The answer is that they should never have been in the position to be ransomed in the first place.
“Ransomware is the most financially successful hacking tool over the past four years. Revenues from ransomware have been increasing exponentially year on year – in 2016 a 6,000% increase in revenues was reported.
“It is also one of the most publicised forms of attack so companies really have no excuse for failing to have appropriate backups, data recovery and updates in place. This can be avoided – hence why a business should not find itself in this position.”
Even after an organisation has been compromised, it should not consider paying a cyber ransom, explains Austen.
“By paying the attackers, you have confirmed that their method works, and paying a ransom does not guarantee you will get your data back. These are dishonest people, and even when you hand over the ransom there is no guarantee they will honour the arrangement. It has been well documented that they do not always release all of the data, holding out with additional requests.”
Austen outlines practical preventative measures relevant to all businesses to defend against a ransomware attack.
- Install and update a current version of Antivirus/Malware software.
- Update and patch the computer Operating System when advised by your vendor.
- Update and patch Applications when advised.
- Be vigilant and be suspicious: training to recognise a possible attack is recommended.
- Make regular back-ups of all of your data.
As long as companies continue to pay up, hackers will strike in this way.
Austen adds: “There are few that will admit to an attack – and even fewer admit to paying up, so this is vastly under-reported, but this has crippled companies before, and it will again. Organisations like Nayana will be in the press for a long time and for all the wrong reasons.
“If you follow these points you will reduce the risk of a ransomware attack which really is the best defence. In the event of falling victim you can restore your information and not have to pay a ransom. Back up data to a separate source like a Data Centre, Cloud, or external hard drive, basically anywhere but your current source.”