The events of the last few days have captured the attention of media and business worldwide: a wide-scale ransomware outbreak that has effectively shut down a number of NHS trusts and hospitals, amongst a welter of other businesses and organisations. It is into this space that the Business Continuity professional/team/plan steps.
Business Continuity is exactly as it sounds and, looking at the statistics out of the BC Institute (watch this space tomorrow), an unplanned IT outage is something most organisations already, and quite rightly, fear. Having a plan in place, and having tested that plan, is vital to the success of BC. Some organisations and businesses this morning, and indeed this week, will sadly be reaping the whirlwind, not just of being under attack but of not having a plan for how to continue should all the security measures and training that were in place fail and the worst happen, as networks become inaccessible or files are maliciously encrypted.
In the meantime, some NHS hospitals and trusts have resorted to pen and paper as they still have no access to their digital information. The broader and more perplexing question for me personally is, what about paying up? If you follow the BBC drama Last Kingdom, as I do, then you may recognise the scenario. When his daughter is held to ransom by the Danes, King Alfred is faced with the dilemma. Does he pay the huge ransom (a King’s ransom, in fact), which will cripple his Kingdom financially, in order to retrieve his daughter? He knows full well that the ransom money will be spent on attacking him ferociously and that, in a weakened state, he will be horribly defeated; thus he will be the architect of his and his kingdom’s doom, the cause of much death and destruction of his people. Or does he refuse and thereby acknowledge that she then faces the possibility of death?
If we keep paying digital ransoms, we are effectively paying criminals to build or adapt bigger and better malware to attack us. They also know who will pay up, so the demands stand a chance of being repeated with escalating prices, and there is no guarantee the data will even be returned. In paying the ransom we may retrieve the assets, but we have substantially weakened the position of everyone except the criminals.
This week, #BCAW2017, gives us an opportunity to think about these things against a very real backdrop of the results if we don’t.
CSP2017 in York includes a Ransomware workshop which will look at various aspects of Ransomware, and where delegates can share knowledge, expertise and opinion.
- Posted by Ellie Hurst
- On 15th May 2017