Ransomware Is Spiking, How Can Companies Deal With It?

By Sofía Hanna | Wed, 06/16/2021 - 17:00

You can watch the video of this panel here.

"Why are Ransomware attacks increasing every day?" asked Julia Urbina, Director of CyberIIoT, to panelists at Mexico Cybersecurity Summit 2021. The event, held on June 16, brought together cybersecurity experts to discuss the strategies that companies can take to protect themselves from this and other threats.

"Ransomware is a lucrative business based on extortion,” explained Ana Laura Chalico, Commercial Director at TOSSA. “Since last year, the pandemic led numerous employees to work from home and students to take classes online. This increases the risk of cyberattacks since the perimeter of protection at houses is not equal to the one at companies. We hold each employee accountable for all company information but we provide them little information on how not to fall for these attacks."

Growth is linked to profitability, and in that sense, ransomware looks like any business. “An organization invests where it has seen the greater profitability. These attacks are a perfect example. As long as money continues to be obtained from the attacks, they will continue and they will become increasingly complex,” added Ricardo Alvarado, Executive Director of Property & Casualty of Lockton.

The pandemic made employees more vulnerable by sending the workforce home and increasing the area of opportunity for criminals, explained José Luis Cruz, Founder of EASYSEC. “Employees no longer have access to someone from IT to ask about questionable information. Users should be aware that they are at risk at home.” As ransomware attacks are linked to humans, if companies focus on human resources and awareness, the attacks would not be fruitful, added Urbina.

Even before the outbreak, many companies were unprepared to deal with a ransomware attack, explained David Hernández, CEO of Protectia. “If an organization was already resilient, it would continue to be; but if it was not, it paid and will continue to pay the consequences,” said Hernández. Organizations in Mexico and abroad are not ready for this type of attack, he added. “At Protectia, we review the maturity of companies in the face of attacks. The reality is that many companies are not prepared at all."

How to Protect a Company From Ransomware?

Awareness, proactivity and discipline are essential to keep companies safe from cyberattacks. "We evaluate the risks, status, maturity and perspectives to evaluate how a company could be attacked. Users also have to analyze the various stages to see how to prevent and protect themselves beforehand." Education, awareness campaigns, guides and constant practice are also essential. “It is like any other protection measure. You have to do drills to know how to act and what to do during an attack. It is going to happen and you must know how to react,” said Chalico.

An Attack Has Occurred, What Now?

The first question a company ponders in the wake of a ransomware attack is: to pay or not to pay? The answer is, sadly, not straightforward. "There is no correct answer; it depends on many factors,” said Alvarado. “It is a matter of risks. Companies have to evaluate what it means to pay, knowing that they will probably never recover the information. The belief that paying will bring the information back is a misconception. The attacker encrypts the documents and provides the decryption key. But in this process, 40 percent of the information can be lost.”

If a company’s operations are paralyzed, it must evaluate its ability to recover. Paying can also turn out to be more hurtful in the long term. There is a growing trend where companies that paid the ransom are attacked again, explained Hernández. “They are also further extorted for not revealing data. Hackers investigate and know your business perfectly, so now they can upload the data to extort more money.” Furthermore, many insurers do not pay the ransom in certain cases and companies that paid only get the key in approximately 70 percent of events, said Alvarado.

If preparation fails, companies should improve their processes to prevent further attacks but they remain open to risks. "(A ransomware attack) is one of the worst cases a company can find itself in. Once the event ends, there is always a remnant of risk because it can become a double extortion in the future. The ideal is to prevent and be prepared when it happens," said Alvarado. Companies do not have to be victims to learn from ransomware attacks. “It is important for companies to avoid believing it will not happen to them,” Hernández added.

To be prepared, companies must identify their risks, accept them and quantify them, concluded panelists. Also, "do not hesitate to invest in cybersecurity," said Chalico.

Sofía Hanna, Junior Journalist and Industry Analyst