Unit 4_LS311_Discussion response
Respond or elaborate on the response below:
Ransomware has become an increasingly popular form of cybercrime, particularly in the business world. With iHiker falling victim to a ransomware attack that has impacted non-critical systems and left the software functional for the time being, the company finds itself in a predicament, whether to pay the $50,000 ransom to have the systems restored, or not. Sherer et al. (2024) discuss that when determining whether to pay a ransom many factors come into play for a business, such as the amount of the ransom versus the loss that could be incurred, the limitations on the system from the attack, and the amount of help that law enforcement can provide, although they do also note that it has always been police guidance to not pay a ransom. With this in mind, looking at the scenario iHiker finds itself in, the amount being asked is $50,000, which is not a small fee for the return of its systems, while there is also minimal impact to its operations currently. I would advise at this point for iHiker to not pay the ransom because it is not a guarantee that the systems will be appropriately restored, and at the present time, it is not posing a significant risk to the company’s operations. Instead, I would advise iHiker to contact the authorities, specifically the FBI, as Cheeseman (2021) explains that cybercrimes, including extortion threats, fall under the Computer Fraud and Abuse Act (CFAA), making them federal crimes. No matter the decision made by iHiker, the ransomware attack should be reported to the FBI as “the Bureau utilizes notifications it receives regarding Ransomware and other threats in an overall effort to build up more comprehensive forms of defense and prevention” (Sherer et al., 2024, p. 30). Aside from the potential of not getting any data back or the systems being unlocked from the ransom attack, even if the ransom is paid, there is the risk of potential legal ramifications, as the person committing the attack is unknown. 
There is always a concern for bad actors and those who are trying to gain funds for illicit or terrorist activities through American businesses, and sending money to these individuals, even unknowingly, could have ramifications for the sender under OFAC regulations, according to Sherer et al. (2024).
In order to mitigate the risk of any attacks, iHiker must bolster its cybersecurity efforts immediately. The first step I would suggest is to train the staff regarding password protection and encryption in the computer systems, as well as with emails. The Cybersecurity & Infrastructure Security Agency (2021) recommends keeping up with all patching and operating system updates to ensure that systems are more secure and not left vulnerable to hacking, as well as doing full backups and storing the backups separately from the system so that the system can be restored in the event of an attack. Ultimately, the company must train the employees on the importance of cybersecurity and how even the small steps, such as double-checking email links before clicking them, can help prevent ransomware attacks. This can all be achieved through a recurring training program that reminds employees of best practices and reinforces the goals of cybersecurity.
