MailGuard Partners Blog

As we pulled the curtain on 2020, counting our losses from events that none had foreseen, with global geopolitical tensions rising, and in the wake of a global health emergency the likes of which we had never experienced, in COVID-19. It forced workforces across the globe to shift to hybrid or remote working and reflected in the IC3 2020 report summarizing the impact on U.S. citizens from cybercrime, citing “a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion.” Saying “This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020.”

We all use passwords. In fact, we need them to access almost any online device. They are the key to retrieving sensitive data, whether it be online banking, classified company documents or social profiles, such as LinkedIn. They’re the first line of defense to protect crucial information, and often the most vulnerable. It’s not surprising then, that cybercriminals often create phishing scams to steal password credentials in order to procure data for use in criminal activity.

To pay or not to pay? On the surface it may appear to be a relatively straightforward question, however, in reality, the answer is not so simple (particularly if we dig a little deeper). Amidst the plethora of information and advice offered by Governments, cybersecurity professionals and industry experts around the world, there is one thing that we seem to all agree upon: the answer to this critical question is not one-dimensional, whatever your viewpoint may be. Every incident is different because every company has its own unique set of challenges and priorities to consider.

Your customers' business data is being held hostage, encrypted with only their attackers holding the keys. So, should they pay up the ransom, or try to recover without handing over company profits to cybercriminals?

“Service NSW confirms 180,000 customers' personal details exposed in cyber security breach”  
“A cyber-crime is reported every ten minutes in Australia”  
“NAB flags cyber-attacks during the pandemic have intensified”  

In a year we would all rather forget; an unfortunate side effect has been a rise in ransomware incidents and opportunistic cyber-attacks.

The Zero Trust security model is all the rage these days, with experts calling it “the new cyber game,” one that plays a significant role in securing the new normal.

If a company has been hit by a ransomware attack, should it pay the ransom?