CEOs need to understand that cybersecurity isn't just about IT. Source: Shutterstock

What every CEO needs to know about ransomware

EVERY business is vulnerable to cyberattacks in today’s world, and ransomware is one of the biggest challenges that any organization faces.

According to Gartner, “Ransomware families have grown by more than 700 percent since 2016 and as many as 35 percent of the cases are resolved by paying the ransom.”

Fighting ransomware isn’t the responsibility of a single platform or product owner within the business, and it’s not possible for the cybersecurity team to combat all threats by themselves.

Effectively warding off ransomware attacks requires a deep cultural change — and in order to drive that change, CEOs need to understand (and be in a position to explain) these four facts about ransomware:

# 1 | It’s a people issue, not a system issue

Ransomware typically attacks the business user and makes them believe something of value has been “taken hostage”.

The more the user believes the hacker, the less they’re able to fight back. Further, it’s been psychologically proven that users tend to “pay up” when they fear the attack and believe they’ll be blamed for the breach.

Hence, it’s important for the CEO to foster a culture of openness and explain that employees are “allowed” to make errors — but that they should highlight issues to colleagues and the IT team when something goes wrong.

# 2 | Following best practices is a good idea

The thing about ransomware is that there isn’t much room for hackers to get creative, except for playing psychological tricks.

They’re smart people, and they know that the trick to getting users to pay up is to make them believe, rather than actually holding data hostage.

Following best practices helps prevent a great number of hacks. However, it’s important for CEOs to emphasize why certain things are done and how breaking protocol could put the entire company at risk.

After all, a pen-drive in the email from a prospect outlining their “requirements” could cause a lot of trouble.

# 3 | Isolated employees feel the heat

Given the psychology of most employees, hackers tend to succeed with ransomware attacks when they are able to convince employees that they’re “isolated”.

Hence, it’s up to the CEO to foster a culture where, irrespective of seniority, employees aren’t burdened with the responsibility to protect all systems.

Truth be told, many a time, it’s when someone in the organization is attacked and pays up that hackers really understand how the organization reacts to ransomware — which might help them scale up their attack the next time and earn a bigger payout.

# 4 | Hackers love companies with an SOP

Okay, best practices are important for organizations and can form an effective defense against cybercrime and, more specifically, ransomware.

However, it’s important for companies to understand that creating “alternative” plans is a good idea to prevent hackers from learning their “standard operating procedures” and holding them hostage.

CEOs must encourage their IT team to create multiple modes of defense against ransomware. For example, when a particular computer on the network is held for ransom, the organization might pursue one line of defense, while it pursues another when data from an entire product is taken hostage.