Showing posts from November, 2019

Is paying a ransomware demand ever the right thing to do?

Conventional, not to mention Hollywood, wisdom tells us that paying the kidnapper is always a mistake (think The Big Lebowski or Fargo!). Our parents warned us to stand up to bullies, right? Successful poker players know how to tough out the dead man’s hand, and even the smallest dog on the street knows to bark like hell when faced with a threat. We know all this and yet we see a distinct rise in the number of businesses willing to pay ransomware attackers. What the??

Ransomware isn't new but it is on trend. Specialist attackers deploying ransomware don't destroy our data, they hold it hostage, making it inaccessible without the intervention of the attacker's complex numeric key. This key usually comes at a premium, if it comes at all. Many have paid out for nothing: no return of their data. A gratuitous, sinister abduction, just because they can.

With attacks becoming more wily, more intractable, perhaps it is not surprising that many surrender to the onslaught. Greater encryp…

Show You Mine If You Show Me Yours: The role of threat information exchange in strengthening cyber-defenses

Sharing is Caring

Speed and efficiency are essential to success in the digital economy. Businesses and organizations with an online presence need accurate, stealthy cybersecurity measures to counter the myriad of threats aimed at them. Working in isolation to tackle these attacks and shore up cyber defenses is a costly and often futile exercise. As Grayson Milbourne, Security Intelligence Director at cybersecurity firm Webroot puts it:
Today’s cyber threat landscape is polymorphic in nature — constantly changing and making it nearly impossible to detect with traditional security approaches. For this reason, many businesses are coming to the realization that a collective offensive may be the best defense. Sharing threat information across public and private industries and organizations could reduce cybersecurity workloads and provide access to a wide pool of security resources, something smaller companies, in particular, are latching on to. 

In a recent study of 200 US IT security experts…