We know ransomware can wipe out a business—maybe not so much from the cost of paying the ransom, but from the downtime it causes—so don’t get caught without a backup. I asked the experts whether a processor should pay the ransom, and while the responses were mixed, the moral of the story is: Have a backup!
Patrick McBride, Claroty: Ransomware has become the most prevalent form of malware attack, and it is a significant risk to operational environments. WannaCry and NotPetya both caused millions of dollars in damage to industrial environments last year. Both of these threats exploited known vulnerabilities for which patches were available. Patching systems in an operational environment can be very challenging due to limited maintenance windows, but we must include vulnerability scanning and patching as part of the solution.