#repost from a thread I saw on reddit. Can the uptick in ransomware be viewed as a good thing and a way to weed out inferior companies through some sort of natural selection?
"Not only are companies who care more about paying breach insurance companies over protecting user data getting exploited, but now companies also have to answer to investors when they can't continue business operations. Unlike breaches where companies just give 1 year of "credit tracking" and they are legally off the hook while some poor guy's credit is ruined for years.
Now if you don't have backups, or reliable ways to restore those backups then your investors will get mad. This just opens the door for more cybersecurity sysadmins that actually care about security and it weeds out the ones who don't. It is kinda like natural selection in a way and I'm all for it."
I saw a similar argument made on Twitter.
Whilst it may kill off weakly managed companies, it is not like there is a DNA in companies, selection largely works in animals because they inherit traits from parents who survived. It is not clear the effects of selection will be preserved long term other than say in company norms, and I'd suggest there may be (short term!) competitive advantage in ignoring some security guidance.
If I was taking the cynical view, all problems resolve themselves somehow, and in the case of ransomware the very worst way is all the companies with weaker security get ransomed.
I like to believe people in companies can learn from others example, or from near misses, without having to go out of business or pay ransoms first. Although I know companies need systems in place to let them learn from others or near misses, otherwise it becomes very haphazard process reflecting who has the most internal influence.
------------------------------Simon WatersFounderInsufficient Entropy------------------------------
"All the content provided in the pages ahead leads to one conclusion: ransomware is now the predominant cyber threat confronting businesses. With the prospect of risk aggregation and systemic events ever present – and reinforced in recent months by attacks on nation states that have targeted critical infrastructures and system providers – the insurance market is retrenching"