While I’m glad this issue is gaining national attention, this piece was very defeatist. Companies wouldn’t accept a thief walking in and taking tens of thousands of dollars from the register. Yet because a computer is involved, the expectation is to comply?
I do agree and have also referred to these attacks as the worst day of an executive’s personal life.
There are measures to prevent and protect against this crime. Atlanta’s $20MM bill has not just data recovery costs. It also involves modernizing their very large IT infrastructure, that had been neglected, to prevent future attacks.
Taking a proactive approach to digital attack will always be more cost efficient than a reactive one. Proactive allows for budgeting and planning as opposed to depleting cash reserves to overcome a major business disruption.
Paying merely emboldens these criminals to continue with these campaigns. Not determining root causes and remediating the vulnerability only leaves companies susceptible to ongoing attacks.