Ransomware Warranties: Gimmick or Guarantee?

Warranties inspire confidence. If something goes wrong with a purchase, you’ll be made whole. That’s the idea anyway.

Now consider ransomware. It’s not a “something.” It’s a “when thing.” So ransomware warranties hold understandable appeal.

Here’s why: By 2031, ransomware is expected to attack a business, customer, or device every two seconds, costing victims around $265 billion annually — according to Cybersecurity Ventures.

Recently, a ransomware attack hit the Los Angeles Unified School District, the second largest in the US. Hackers demanded a ransom and leaked over 500GB of stolen data.

So if ransomware is inevitable, who wouldn’t want a ransomware warranty? After all, you’ll get a guaranteed payout if and when the worst happens. That’s the pitch anyway.

But buyer beware. As with most warranties, “terms and conditions apply.”

Terms and conditions from real data protection and data security warranties

Companies love to make promises so you’ll buy their products. But if you need to make good on a ransomware warranty, prepare to read the fine print.

Generally, these warranties will not:

  • Cover malware introduced by a third party into your internal systems through a breach in your system security. For example, if a hacker from a foreign country were to breach your security and introduce malware, that likely will not be covered.
  • Cover any malware introduced into your internal systems by employees / staff / personnel through a breach in your system security, for example by way of certain types of phishing (note: CISA says 90% of all cyberattacks begin with phishing).

And here are just some of the conditions you may be asked to meet to exercise various warranties:

  • Sign up for a monthly health check and follow all instructions regardless of how burdensome or costly. If not, no payout.
  • Continuously download all new versions and patches. If not, no payout.
  • Follow both (a) the rules in the frequently changing “security hardening” document and (b) “then-current” industry best practices regarding the protection of access credentials, an area phishing attackers regularly target. (Keep in mind, too, that how these “best practices” are defined is open to interpretation and left to the subjectivity of the vendor.) If not 100% compliant, no payout.
  • Pay for a non-refundable customer experience manager consulting service. If not, no payout.
  • Agree to a public case study of how you were compromised. If not, no payout.
  • Ask permission of the vendor before you begin incurring costs to recover from the attack. If not, they won’t cover your expenses.

Even if you met the vendors’ conditions, ransomware warranties are frequently designed so that you’d only qualify for reimbursement of actual pre-approved data recovery, restoration, or re-creation expenses after incurring them. Any ransomware payments wouldn’t be eligible for reimbursement.

No harm done, right? Wrong.

Beyond the terms, conditions, and exclusions, can ransomware warranties actually harm your business?

Again, read the fine print. Signing them can limit you to a sole and exclusive remedy with those vendors, and numerous escape clauses may let them blame you for losses you incur. Warranties like these are little more than limitations of liability benefiting the companies — not you, the customer.

After reading through all the legalese, one customer joked they’d probably be asked to dance in the rain next — the list of warranty conditions was that endless.

You can take it to the vault: Cohesity FortKnox

So if warranties won’t defend you against ransomware, what will? A real technology solution you can rely on when ransomware attacks.

For example, check out Cohesity FortKnox, a SaaS cyber-vaulting, data isolation and recovery solution, which was named the Gold Winner in the Business Continuity and Data Protection category and won Best of Show at VMware Explore 2022.

FortKnox improves cyber resiliency with an immutable, “gold copy” of data in a Cohesity-managed cyber vault. It empowers organizations to prepare for and recover quickly from attacks, with granular recovery back to the source, or an alternate location, including the public cloud.

Cohesity also recently unveiled DataHawk, a solution that combines cyber vaulting, threat intelligence, and ML-powered data classification all in one data security SaaS offering. This solution is designed to provide powerful protection against cyberattacks today and tomorrow.

Additionally, with Cohesity, customers have access to:

  • The Data Security Alliance, which brings together the ‘who’s who’ in cybersecurity, data security, and data management to collectively help enterprises win the war against cyberattacks.
  • An exemplary Security Advisory Council led by Cohesity Board member Kevin Mandia, one of the world’s leading cybercrime fighters. Trust us: This Council’s advice is worth more than any gimmicky warranty.
  • An additional layer of real ransomware protection that may help you qualify for cybersecurity insurance, as it did for a metro Atlanta school district.
  • Exceptional SaaS and self-managed data protection, trusted by nearly half the Fortune 100.
  • The Cohesity Data Cloud: one simple, unique platform to secure and manage your data.

We’ll match the same warranties as our competitors, but we’d rather offer you the guarantee of a world-class data security and management platform, with the benefit of a world-class Security Advisory Council.

Put us to the test.

We invite you to learn more about Cohesity FortKnox and Cohesity DataHawk.


