Ransomware, for all its name-brand hype, is really a scourge that is hurting more than it’s helping. To discover what companies really need to do in order to protect themselves from this threat, The Economist spoke with Dr. Peter Welsh, founder and director of Cyber War Research at BAE Systems.
Here’s what Dr. Welsh has to say.
■ If you’re a company, you need to take an inventory of your assets: what’s the value of each asset? Do you have control of where those assets are held? What technology is used to manage those assets?
■ How do you centralize those assets in order to protect them? Are there vulnerabilities within your organization that are giving you the problems?
■ One of the components of that system needs to be a countermeasure: is there a countermeasure that you can create, not to protect yourself, but to shut down and reduce the amount of damage?
■ You need to assess your opportunity and make sure you’re going to take it. If you haven’t got a crisis plan in place, then you need to at least think about it.
■ If you’re not operating on server farms, you should be thinking about areas like cloud services that can provide you with another method of keeping some of your databases safe.
What can companies learn from this?
Dr. Welsh: The company with a sound, well-formulated [cyber] strategy should not be affected. If the resilience that was built is still in place, [the attacks] don’t have a significant impact. By analogy, a minor hurricane has a disproportionate impact on the city.