Crime shouldn’t pay
Cybercrime is afflicting big business. How to lessen the pain (Cybercrime is impacting large corporations. What measures can be taken to alleviate the suffering)
Banning the payment of ransoms would be a start
ransom
[C, U]
money that is paid to sb so that they will set free a person who is being kept as a prisoner by them
eg. The kidnappers demanded a ransom of £50 000 from his family.
eg. a ransom demand / note
eg. ransom money
eg. They are refusing to pay ransom for her release.
MORE THAN a month for Jaguar Land Rover (JLR), an Indian-owned carmaker. A week for Asahi, a Japanese brewing giant. Six weeks for Marks and Spencer (M&S), a British retailer. That is how long each of those firms has needed to recover after being hacked. For JLR, the disruption has extended far beyond the firm. Last month the government in Britain, where it is based, said it would underwrite a £1.5bn ($2bn) loan in an attempt to keep the carmaker’s suppliers afloat.
Cybercrime has long been dominated by thieves who set out to steal information for profit. Now they’re being joined by thugs, who aim to use the threat of damage to a firm’s operations to extort higher payments.
thug
a violent person, especially a criminal
eg. a gang of thugs
extort
~ sth (from sb) to make sb give you sth by threatening them
eg. The gang extorted money from over 30 local businesses.
Cryptocurrency has enabled ransomware, an attack in which hackers seize and encrypt vital data, then promise to unscramble it after a ransom is paid. (Sometimes they even keep their word.)
Companies cannot prevent this, but they are not powerless. As we report, the recent attacks can teach other firms how to lessen the chance they will suffer a similar fate—and to lessen the damage should they do so.
One message is to be aware of which parts of an attack will prove to be the most expensive in the long run. As cyber-attacks have become more common, firms have begun buying specialist insurance to mitigate the risk. That is a good thing: insurance incentivises companies to take security more seriously, since those that don’t take care face higher premiums.
Even so, plenty of companies still do not take out enough cyber insurance, either because of a lack of awareness, or because it is costly. JLR is reckoned to have lost £50m for every week after the attack. M&S is thought to have missed out on around £300m of business in the weeks it spent fixing its website, yet its resilience insurance underwrote just a third of that. Buying insurance that protects against such losses would encourage firms not just to try to stop attackers getting in, but also to ensure their computer systems can recover quickly.
A second idea is to be aware of the risks of outsourcing. Handing off parts of a business to specialist suppliers makes sense. But IT outsourcers hold the keys to many different kingdoms. Front-line employees are usually told to follow a predictable script whenever an IT-support call comes in. These things make outsourcers especially attractive to hackers.
Sure enough, several recent attacks appear to have been carried out after hackers gained a foothold using outsourcing firms. Businesses that elect to outsource should vet their contractors carefully, and decide on risk-sharing arrangements before they sign. Outsourcers themselves may find that beefing up security could differentiate themselves from their rivals.
▪ ,beef sth ↔ 'up (informal)
to make sth bigger, better, more interesting, etc.
eg. As the threat grows, so does the case for beefing up defences against disease.
eg. New Zealand with 130,000 international students is also beefing up its recruitment strategy.
eg. One way to beef up emergency savings quickly is to repurpose forgone spending.
Governments can help, too, starting with tightening the rules around disclosure. Firms can be reluctant to admit they have been attacked. That reticence /'rɛtəsns/ makes it harder for the authorities to spot patterns and learn about vulnerabilities, which puts others at risk. America until recently ran forums in which firms could share information confidentially without worrying about falling foul of rules on collusion /kəˈluːʒn/. They should be revived, and other countries could copy that model.
reticence /'rɛtəsns/
the quality of being reticent; reserve; an unwillingness to do something or talk about something, for example because you are nervous or being careful:
eg. the traditional emotional reticence of the British
eg. His reticence about his past made them very suspicious.
eg. I think your dad had a certain reticence about showing love as he was afraid that people would leave if he did.
collusion /kəˈluːʒn/
[U]
(formal, disapproving) secret agreement especially in order to do sth dishonest or to trick people
eg. The officers were corrupt and were operating in collusion with the drug dealers.
eg. There was collusion between the two witnesses (= they gave the same false evidence).
Governments could go further and ban the payment of ransoms altogether. Some American states already forbid public bodies from making payments. (Britain is planning something similar.) In some places payments may violate rules against shelling out money to organised crime. Elsewhere, police often advise against it. A full ban may sound extreme, but it is in everyone’s interest to have less ransomware. The industry persists because it is more strongly in an individual’s interest to pay off extortionists. If hacking does not pay, it will wither. ■ (In certain regions, making payments could contravene /ˌkɑːntrəˈviːn/ regulations prohibiting financial transactions with organised crime. In other areas, law enforcement frequently counsels against such actions. Although a complete prohibition may appear drastic, it ultimately serves the collective interest to reduce the prevalence of ransomware. The persistence of this industry is largely due to the fact that individuals often find it more beneficial to satisfy the demands of extortionists. If financial gain from hacking diminishes, the practice will decline.)
contravene /ˌkɑːntrəˈviːn/
(formal) to do sth that is not allowed by a law or rule
SYN: infringe
eg. The company was found guilty of contravening safety regulations.


