I may be an analyst for Storage Swiss now, but for 30 years I’ve also been in the news business. So with the emergence of “WannaCry” I’m seeing my two worlds collide. And it’s no surprise it’s over ransomware.
We’ve been writing a lot about it on Storage Swiss over a number of years. George, Curtis and Joseph keep warning that it will hit big and hard, and WannaCry proves them to be right. They’re also telling you how to prevent ransomware from hitting your organization, too.
After the “Breaking News Alerts”
Now that the true “hard news” headlines about the WannaCry attack are going away, we’re seeing a bunch of “experts” coming forward to give your bosses suggestions on how to deal with ransomware. Many of them are big name lawyers, others have PR firms giving their clients the title expert. The one thing they say that’s irking me the most is, “Never pay the ransom!”
Really? Does that scenario work every time? Are experts just giving blanket opinions for a one-size-fits-all use case?
It makes great copy for CNBC.com to run columns like this on days where it is hard to post business news. But it kind of does a disservice to IT professionals and the people they work for.
Because every case is not the same. The use case most are using is Disney’s refusal to pay the ransom to hackers who took the newest Pirates of the Caribbean movie. Disney CEO Bob Iger is telling the hackers he will not pay. That means that at least a few thousand people will watch the film online instead of paying to see it in the theater.
Then we are told that every business should do the same. Don’t pay these ransoms! Don’t give in! It will just encourage the hackers to steal more!
What makes Disney Different from most of the rest
Yeah, that’s true. But Iger and Disney are sitting on millions of dollars. It can afford a hit from letting this movie out to the public early. The devoted fans are still going to go see it and Disney is getting millions of dollars of free publicity out of this. It’s a PR practitioner’s dream. Big Man Iger standing up to those dirty thieves.
Good for Disney. But what about the SMB that doesn’t have millions of bucks in the bank. It may not have tens of thousands of dollars in the bank. It has just enough to cover two or three months of expenses in the business savings. What happens when that business is hit with ransomware in critical files? Files so critical that losing those files will wipe out the business all together?
Most ransomware scenarios are also very different than the Disney situation. What if Disney was told that all copies of Pirates was encrypted, and they could not ship the movie to theaters unless they paid the ransom? Instead of missing out on a few people not seeing the movie, they would miss out on all people seeing the movie. Their $200 million investment would be a total waste.
Pay Now Instead of Paying Ransom Later
What does that business owner do? Can he spend two or three thousand dollars in ransom to get his files back so he can get back to work? Or does he make a principled stand like Disney and say no. At the same time he’s putting himself out of business and three or four employees on the street and employed?
Right! He’ll pay the ransom and get his business running again. Everyone can’t be Disney.
But what if your boss is one of those guys who looks at Bob Iger and has the, “I wanna be like Bob complex.” Not good for you, the IT pro having to deal with that boss when it comes to things like ransomware.
The suggestion from this reporter is to make sure your boss gets his information from you, not the media. Update constantly on how you are handling the ransomware issues. And if you find a way where you can convince him to invest in ways to improve your infrastructure to make your data more secure AND prevent it from ransomware, it might be a good idea to share that technology.
Not every business has cash reserves to withstand a hit from a ransomware or virus attack. All can not afford to take a principled stand and refuse to pay a ransom. But every business can work to find ways to protect data and ensure they do not fall victims to ransomware. Research options that are best for your organization. When you find the right use case for your organization, share it with your boss. Make him aware of the solutions. Best to spend now on what you may have to pay a ransomware terrorist on new technology to protect your data then to have your boss take a Bob Iger stand and risk putting your and your co-workers without a job.