No company is safe from hackers.
By 2025, it’s estimated that cybercrimes are going to cost the world over $10 trillion a year.
Here’s a quick example to highlight how cyber-attacks are morphing, and what companies are doing to try to defend themselves…
Mailchimp is a U.S. email marketing company that provides automated platforms for managing marketing services.
Recently, Mailchimp disclosed that it was the target of a cyber-attack. Hackers gained access and stole data from Mailchimp accounts.
According to the company…
“The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”
Social engineering is one of the most common ways that hackers target victims. The ease of carrying out an attack is what makes it so appealing.
The hackers usually impersonate a trusted source to get the victim to provide them with information.
Once the hackers have accessed data, they will often sell it on the dark web or hold it for ransom.
Over the past few years, ransomware attacks have increased significantly, disrupting healthcare, transportation, and fuel suppliers.
The cyber-attacks aren’t very complex, yet they can earn the hackers a hefty ransom payment.
Since they are easy to carry out, ransomware attacks are occurring at an alarming rate.
And these days, companies are willing to pay the ransom to keep their systems running.
But this is also why ransomware attacks are increasing.
So, it raises the question:
Should companies pay the ransom, or not?
On one hand, they are protecting themselves and their data.
On the other hand, if a company pays a ransom the hackers will likely target them again for another payday.
As ransomware attacks increase, we could see “subscription style” ransomware payments.
What I mean is, companies and hackers could agree to a model where companies pay protection money in exchange for the promise they will not be hacked.
But there are a handful of problems with this idea, even if the companies feel it’s worth the cost.
With that in mind, here are a few things to consider when deciding whether to pay for protection or not.
It’s a service:
In the past few years, more hackers have been setting up businesses that pretend to be legitimate.
Some hackers go to considerable lengths to create a company. They often include a help desk and other features to make the business appear legitimate.
By using registered businesses, the hackers offer IT-related services to companies.
But the hackers are not legit.
The registered company is nothing but a front to mask illegal activity.
They might create a real company, but the company is conducting illegal business.
If you fall victim to a cyber-attack, be cautious of companies offering to help you fix the problem.
The best thing you can do is contact a local computer repair company or a source you have verified.
Protection payments:
Many security experts anticipate that we will see corporations pay protection money to hackers in exchange for the promise that the company won’t be targeted.
This is like paying the elementary school bully not to steal your lunch as long as you give him some money.
There are a lot of problems with this idea.
One obvious issue is that you’re trusting hackers, who are criminals, not to target your company.
Another issue with paying for protection is that the U.S. government is working on laws that ban ransom payments. This will likely also include protection payments.
And finally, if hackers have a source of income, it will lead to more cyber-attacks, and ever-increasing payment amounts to leave you alone.
Mob payment:
Paying for protection is as bad as paying the ransom.
Companies could pay a specific hacker group not to attack them. Maybe this group sticks to their word and the company has no problems.
But there are a lot of hacking groups.
So, a company could be making protection payments to hundreds of different hackers, which is not realistic.
There is no established hacker “syndicate,” no single mob family to pay for protection.
So, paying for protection will only protect you from one group, and there are plenty of others to come after you.
The reality is there is no way of truly knowing if your protection payment will actually protect you.
At the end of the day, protection payments will only encourage hackers to be more aggressive.
The best method to protect yourself is to make yourself less appealing to criminals.
Always use strong passwords and a VPN, and make sure your device has the latest updates.
Cyber hackers cannot make money off someone if they can’t get past that person’s security barriers.