A culture of quickly paying ransomware extortionists has not only made Australian businesses high-profile targets for further attacks but risks destroying corporate reputations through the direct funding of organised crime, security experts have warned as ransomware volumes continue to pummel unprepared businesses. Many companies are well aware that they remain unprepared to deal with security compromises, with one recent survey finding that 40 percent of Australian IT decision-makers felt unprepared to deal with malicious attacks even though 55 percent had experienced an email hack or breach – well ahead of the levels in other countries.
That lack of preparedness typically surfaces in problematic ways as often-small businesses find themselves locked out of their files with current backups, or no clear way of restoring from whatever backups they do have. Yet instead of improving their proactive defences, many are paying ransoms straight away – increasingly considering them a cost of doing business.
And while it may seem like a straightforward cost-benefit business decision, this approach is raising all kinds of new questions. “One of the reasons Australia has become the #1 target worldwide is that the Australian market is paying for every single attack,” says Guy Eilon, ANZ general manager and senior manager with security firm Forcepoint.