1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files, according to ThreatTrack Security.
While 70% of respondents overall did not support negotiating, 86% of security professionals believed their peers at other organizations have brokered deals with cybercriminals. The study also found that firsthand experience with cybercrime extortion clearly shaped opinions.
Nearly 40% of security professionals said they are employed at an organization that has been targeted by cybercrime extortion, and 55% of them are willing to negotiate.
Stuart Itkin, Senior Vice President at ThreatTrack, said: “Whether data is stolen by APTs or targeted attacks, or lost due to ransomware infection, enterprises need to reevaluate their cybersecurity strategies to incorporate the latest advanced threat defenses and become obsessive about backing up their data. Rapid detection and elimination of threats, and the ability to restore encrypted data, will neutralize the incentives that are driving cybercrime extortion and help ensure security professionals will not have to face this difficult choice.”
Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists, with 92% and 80%, respectively, saying “No”. 66% are concerned about negative reactions from customers and/or employees whose data was compromised if they learned their organization chose not to negotiate with cybercriminals for its return after a breach was disclosed.
23% said companies should set aside funds for negotiating with cybercriminals who steal, encrypt or threaten to sell their data:
- 43% of respondents in organizations already targeted by cybercrime extortion agreed
- 22% of all respondents said “Depends on the data” that is at stake.
Asked for which types of data they would be willing to negotiate with cybercriminals:
- 50% said they would never negotiate
- 37% said Employee Data (social security numbers, salaries, addresses, etc.)
- 36% said Customer Data (credit card number, passwords, email addresses, etc.)
- 30% said Intellectual Property (product design, software code, R&D, etc.)
- 26% said Confidential Executive Communications
- 22% said Financial Data (earnings reports, M&A activity, etc.)
Asked what role the government should play in investigating cybercrime extortion:
- 44% said the government should be notified immediately and granted complete access to corporate networks to aggressively investigate any cybercrime extortion attempts
- 38% said the government should establish policies and offer guidance to companies who fall victim to cybercrime extortion
- 30% said companies should have the option of alerting the government to cybercrime extortion attempts made against them
- 10% said the government should make it a crime to negotiate with cybercriminals.