RISK MANAGEMENT PLANS AND RANSOMWARE

Due to the sensitivity of an organization’s records and the necessity to maintain the legitimacy of their documents, Australian organizations appear to be so prepared to pay extra. In comparison to the worth of the documents that the firm is holding, the money that the cybercriminal frequently demands is frequently rather tiny. According to Bailey (2017, p. 1), the typical ransom sought is between $500 and $5,000, which many firms are usually happy to pay without having it have an impact on their profitability levels. Additionally, many Australian organizations are so willing to pay owing to save on working hours that would be lost when the cyber-attacks hold the crucial documents of the organization in ransom.

Question two

The approach that is undertaken by the Australian authorities is not sufficient. Research indicates that the companies that pay up the ransom are likely to face similar attacks. Therefore, the long run losses that could be incurred by the organizations is high (Swenson 2017, p. 47). Additionally, the existence of Google for Business and Cloud backup of the crucial documents of an organization would further ensure that there is no data loss in the event of a data attack (Bailey 2017, p. 1). Therefore, there is no justification for the companies to pay up the ransom to the cyber criminals.

Question three

Good risk management strategy would be crucial in providing a better response in the event of a cyber-attack. The WannaCry attack is known to attack the unpatched Microsoft windows versions majorly (Mohurle and Patil 2017, p. 7). Therefore, there is need to ensure that the windows version used by the computers has patched Microsoft versions to prevent the likelihood of cyber-attacks. The other aspect of risk management plan is the incidence response plan. The incidence response plan enables an organization to build resilience for the cyber attacks that they are likely to face. The incidence response plan allowed the organization to track the nature and source of attacks with the intent of advancing the security features of the digital platforms established by an organization. Second, there is need to seek insurance who could enable the company to develop a cyber-liability policy. The policy would compel the insurance companies to pay up for the damages that are incurred in case of cyber-attacks, thereby, eliminating the likelihood of an organization suffering losses in the event of a cyber-attack (Woods, Agrafiotis, Nurse and Creese 2017, p. 8). Staff members within the organization also need to go through cyber security training that would enable them to have an adequate response in case of an imminent cyber-attack. Notably, companies need to ensure they train their staff on phishing and how they would avoid phishing emails. Phishing is the primary strategy that is used by hacks to introduce malware into computers and systems of an organization.

Therefore, the cyber insurance policy needs to constitute the policy proposal that is utilized by an organization. As an operational procedure, training to staff on cyber security and phishing needs to be mandatory. Any employee who accidentally opens a phishing email needs to report such to the management to facilitate the isolation of the computer from the servers and online systems of the organization. As a mitigating measure, there is need of backing up the sensitive data of the organization in cloud and further ensuring that the firewalls used by an organization are effective in exterminating malware attacks.

References

Bailey, M. (2017). Australians are world’s biggest cyberattack ransom payers: Malwarebytes survey. Australian Financial Review, [online]. Available at: http://www.afr.com/leadership/entrepreneur/australians-are-worlds-biggest-cyberattack-ransom-payers-malwarebytes-survey-20170802-gxnqb7 [Accessed 3 August 2017].

Mohurle, S. and Patil, M., 2017. A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Renaud, K., 2017. It makes you Wanna Cry.

Swenson, G., 2017. Bolstering Government Cybersecurity Lessons Learned from WannaCry.

Woods, D., Agrafiotis, I., Nurse, J.R. and Creese, S., 2017. Mapping the coverage of security controls in cyber insurance proposal forms. Journal of Internet Services and Applications, 8(1), p.8.