Last week's ransomware attack, which affected 200,000 computer systems in 150 countries and crippled hospitals across the United Kingdom, is a frightening reminder of how much damage can be done by this type of malicious cyber attack. However, a new survey reveals that most people are ill equipped to deal with such an attack.
“It is simply unacceptable that people do not get the care they need because of cyber criminals attacking hospitals. We have a shared responsibility to collaboratively get this under control,” says Kathy Brown, President and Chief Executive Officer of the Internet Society which helped to fund the survey. “Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the internet brings.”
According to the joint CIGI, ISOC and UNCTAD Global Survey on Internet Security and Trust, conducted by global research company Ipsos, before the latest attack, 6% of internet users globally had already been personally affected by ransomware, with internet users in India, Indonesia, China and the United States the most likely to be affected. An additional 11% knew someone who has been hit by these malicious programmes.
"Cyber thieves now operate on a global scale, as the most recent attack illustrates, and just about anybody can launch a ransomware attack,” says Fen Osler Hampson, Distinguished Fellow and Director of Global Security at CIGI. “Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage. Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable."
People remain largely unprepared for this new form of cyber attack, which encrypts their data and renders it inaccessible until they pay a ransom. Nearly a quarter (24%) of people admit they would have no idea what to do if their computer were to be hit with ransomware.
Many would turn to the authorities with 22% contacting law enforcement, 15% contacting their Internet Service Provider and 9% contacting a private firm to try to retrieve their data. Unfortunately, the authorities are often unable to help. Once the data is locked, it is extraordinarily difficult to retrieve without either paying the ransom or restoring the files from a backup. Here again, internet users are woefully unprepared, as only 16% of people globally indicate that they would retrieve their data from a backup.
As individuals and as organizations, our data is important to us, and our time is important too. We do not want to lose either as it could be costly. We need to make sure that we have plans in place to be able to respond to such an attack and manage through any disruption that occurs as a result. Business continuity has played an important role is the response to this latest ransomware attack with many organizations invoking their plans and putting processes in place to ensure that it didn't turn into a crisis.
Organizations of all sizes need to develop a business continuity programme. If you haven't already done so, read the Good Practice Guidelines Lite Edition, which is free download published by the Business Continuity Institute that offers some basic guidance on the steps you will need to take.