We won’t always know when businesses fall victim to hackers
Companies with brands at stake don’t tend to shout about it when their security is exposed
Severe data breaches caused share prices to fall by an average of 1.8 per cent, an analysis of 65 companies affected found. Photograph: Pawel Kopczynski/Reuters
Ireland’s fledgling National Cyber Security Centre says just 20 Irish IP addresses were hit by the ransomware cyber attack that locked up more than 200,000 computers worldwide. That’s the good news. The bad news is that this wasn’t the first such attack, nor will it be the last, and we won’t necessarily know how many organisations have been affected each time.
Victims of ransomware usually don’t jump up and down declaring the fact. Indeed, many go against the official advice not to pay the ransom. They pay up just to get their files unlocked and resume their business as swiftly as possible. Permanently losing access to their customer data, client information and other critical data would be unthinkable, so they cough up and then keep quiet about it to protect their reputations.
They know it is not a good look to be caught out by ransomware hackers. Such attacks are neither new nor particularly sophisticated. They deliberately target those with “vulnerabilities” to be exploited – in this case, organisations running embarrassingly old versions of Microsoft Windows for which the tech company stopped issuing security updates three years ago.
While it is deeply concerning that some 1,500 computers in the Health Service Executive are estimated to be running unsupported Windows XP software, it is perhaps not surprising that our underfunded health service should be in this position.
For businesses, the health of their core brands is at risk here. Those caught using old software look unreliable and literally out of date. Those who don’t follow basic good practice on data back-ups look stupid. And the cost of being exposed may be significantly higher than the ransom itself. A recent study by Oxford Economics and consultancy CGI found that breaches of cybersecurity eroded the share prices of companies pretty much permanently.
Severe data breaches, those that become public and had legal or regulatory consequences, caused share prices to fall by an average of 1.8 per cent, the analysis of 65 companies affected since 2013 found. Finance sector companies were the worst hit, followed by communications groups. The key finding was this wasn’t just one bad day on the stock market, but long-lasting damage.
So, yes, they’re pretty busy right now, but it’s never too late to Google “cybersecurity expert”.