Unfortunately, stories of ransomware holding companies hostage are becoming so commonplace that reporting on them is almost not worth it anymore. The public is building up the same type of awareness fatigue everyone experienced last year with the numerous data breaches occurring in our most well-known companies and platforms. The latest victim is the county of Madison, Indiana which actually had to shut down all non-emergency operations due to a ransomware infection, shuttering courts and county offices, and sending government employees home. Sadly, it appears they did not have backups of what was encrypted, as they are paying the ransom at the behest of their insurance carrier.
What this means for you:
While Madison County’s lack of data backups is reprehensible (if not somewhat predictable when it comes to government IT budgets), the fact that someone in charge was savvy enough to insure county operations with a policy that would actually pay the ransom (less the deductible, of course) is the relevant lesson. Lest you take the wrong message from this, taking out a cyber insurance policy in place of having proper backups and security is being penny wise and pound foolish. The likelihood of an insurance policy getting you out of a technology disaster pales in comparison to the reliability of a solid backup system and managed security. Your best strategy is to have both insurance and a solid technology infrastructure. The insurance is best used to cover the costs of recovery, which may include cleanup, data restoration, client and customer notifications, and possible breach violation fines.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net