Story image

C-Suite execs wouldn't pay ransom attacks, survey finds

04 Jul 2016

It seems C-Suite execs are unlikely to pay a ransom if their systems get hacked – that is until next time.

According to Radware’s 2016 Executive Application & Network Security Survey, some 84% of information technology executives at firm firms that had not faced ransom attacks say they would never pay a ransom.

Among firms that had been attacked, 43% paid, according to the survey.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” says Carl Herberger, Radware vice president of Security Solutions.

“It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible,” he says.

“Organisations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

In addition to the responses to ransom attacks, Radware’s survey found which security threats most weigh on the minds of the C-Suite and senior executives.

Former hackers are seen as reliable watchdogs: Senior executives see former bad guys as the best way to test their systems. Some 59% of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, “Nothing beats a poacher turned gamekeeper.”

Firms see telecommuting as security risk: Work-from-home arrangements are seen as an increasing risk. The survey found a big jump in changes to telecommuting policies, with 41% of respondents saying they have tightened work-from-home security policies in the last two years.

Wearables require more than a dress code: While about one in three companies implemented security policies around wearables in the last two years, 41% said they still have no rules in place, leaving a growing number of end points potentially vulnerable. Perhaps this is because wearables aren’t seen as a major target—only 18% pointed to wearables when asked what hackers would most likely go after in the next three to five years.

New connected devices will be the next security frontier: While wearables were less of a concern, many executives surveyed think the Internet of Things (IoT) could become a bona fide security problem. Some 29% said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31%.

Cleaning up after a cyberattack can be expensive: More than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5% said they spent more than $10 million. Costs in the U.K. were generally lower, with 63% saying an attack had cost less than £351,245 or about $500,000, though 6% claimed costs above £7 million.

Security risk is business risk: Whether motivated by ransomware or another factor, attacks impose significant reputational and operational costs on victims. When executives named the top two risks they face from cyberattacks, brand reputation loss led the pack, with 34% of respondents choosing that as a big fear. Operational loss (31%), revenue loss (30%), productivity loss (24%), and share price value (18%) were also included in the top concerns.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.