Should Companies Negotiate With Cyber-Criminals?

The meteoric growth of cyber-extortion as a prominent threat faced by enterprises has raised a new ethical conundrum for information security executives: to negotiate or not to negotiate? As extortionists have become more creative and precise in their theft and ransoming of valuable business data, what was once unthinkable—negotiating with criminals—has increasingly become standard practice. In fact, it's so standard that nearly one-third of security professionals surveyed are willing to play ball with cyber-criminals in order to get valuable data back. Such is the stand-out finding of a recent survey conducted by threat prevention software vendor ThreatTrack Security. "A surprising number of security pros would concede to cyber-criminal demands to avoid the consequences of data compromise, loss or misappropriation," said Stuart Itkin, ThreatTrack senior vice president. By re-evaluating their security strategies to ensure rapid detection and elimination of threats, as well as the ability to restore encrypted data, Itkin said that enterprises "will neutralize the incentives that are driving cyber-crime extortion and help ensure security professionals will not have to face this difficult choice."