Should Organizations Just Pay the Bitcoin Ransom? Survey Says, 'No'

A cross section of Southern California experts weighs the pros and cons of paying up when hackers demand a ransom.

(TNS) — The San Diego Unified Port District fell victim to a cyberattack recently, with attackers demanding bitcoin for access to computer systems. The port did not say how much the attackers asked for, but there is some evidence that bitcoin ransomware demands can be cheaper simply to pay off. In March, the city of Atlanta received a $51,000 ransomware demand that it refused to pay. Atlanta has spent around $5 million so far fixing the problem, according to the Atlanta Journal-Constitution.

Question: The Port would not say how much was requested, but would it have been less costly in the long run to pay the bitcoin?

Phil Blair, Manpower

NO: The ransom amount is minimal compared to the long-term disruption and cost afterward. Pay the ransom and then power down on never letting it happen again. Then, share what you learned with all other governmental and private bodies to help them protect themselves from the issue. We all have to stay far ahead of this disruption.

Kelly Cunningham, San Diego Institute for Economic Research

NO: It may be understandable to want to just pay the ransom, but that simply encourages extortion scams to continue. There is no guarantee data will be restored. Data still may be damaged or remain infected. Funding cybercriminals also incentivizes larger cyberattacks, so paying does not make the issue go away. Costs of implementing cybersecurity by necessity are spent in any case to forestall future attacks, while sensible policies regularly backing up systems are essential.

David Ely, San Diego State University

NO: There are strong arguments for why paying a ransom is not the best response for the long run, even if the amount demanded is small. There is no guarantee that the attacker will enable the recovery of data once the ransom is paid. Also, an organization that demonstrates a willingness to resolve ransomware attacks by paying a ransom probably increases the likelihood that it will be the target of additional attacks.

Gina Champion-Cain, American National Investments

NO: The two macro issues to deal with are system vulnerability and the need for cryptocurrency regulation. Proactive "hardening" of systems will always dwarf the direct cost of a ransom as will the cost to repair and restore the breached system. Additionally, ransom payment without system reconfiguration will invite future ransom. These cryptocurrency ransom events are directly related to the nearly untraceable nature of the currencies. Regulating this payment method would reduce threat.

Alan Gin, University of San Diego

YES: For individual entities, it is usually less expensive to pay the ransom. It is really costly to recover information that is lost or held hostage, but organizations have to get it back to function. Unfortunately, this would contribute to increased incidents of this behavior in the future as the perpetrators are rewarded. This is a situation where what is good for an individual entity might be bad for society as a whole.

James Hamilton, UC San Diego

NO: The more hackers succeed financially with these attacks, the more of them we’re going to see. The only viable strategy is for every enterprise to recognize that new technology raises new vulnerabilities. We continually need to develop better measures to defend the integrity of the systems we rely on. A key step is making sure all employees understand how they can help keep hackers out of the system.

Gary London, London Moeder Advisors

Not participating this week.

Norm Miller, University of San Diego

NO: Anyone answering "yes" is a short-term selfish myopic. I’m certain no one will say “yes.” Society must stand up against such bullies or else fuel their future larceny. The ransom writers have exposed a weakness in the security of the Port, and what would help the most is to provide us and McAfee, and similar firms, with a diagnosis of the method used to hack their system so others can be shielded.

Jamie Moraga, IntelliSolutions

YES: It could have been but without the facts it’s hard to say definitively. The Federal Bureau of Investigation doesn’t advocate paying ransom to an adversary. However, if businesses or organizations are faced with an inability to function, they should assess all options to protect their business and its assets. Training, patching, anti-virus and anti-malware software, and regular backups (on and off site) are just the tip of the iceberg in protecting your business. Cybersecurity threats are dynamic, and they evolve daily.

Austin Neudecker, Rev

NO: Ransomware and other cybersecurity attacks will increase over the next decade until we modernize our defenses and pass new laws protecting our citizens. If those affected pay the ransom, even when it makes short-term economic sense, we will embolden the criminals to attempt larger heists.

Bob Rauch, R.A. Rauch & Associates

NO: In the long run, it is more important to have a robust cybersecurity defense in place. These criminals claim they will put your business documents back in place but they may not. If they do, they may try again via another attack, perhaps using a slightly different approach. It is akin to drive-by Americans with Disability Act lawsuits aimed at businesses. Sleazy lawyers sue and it seems cheaper to cave in. Often, it is not. Fight.

Lynn Reaser, Point Loma Nazarene University

NO: While operations could be disrupted, customers adversely impacted, and repairs expensive, acquiescing to ransom demands could only invite further attacks. It would also encourage attacks of other enterprises. The need to upgrade cybersecurity remains vital. Such investment is expensive, but the consequences of not doing so can be vastly more costly.

John Sarkisian, Motion Ventures

NO: If the Port of San Diego pays ransom without fixing the problem they will leave themselves open to further attacks and ransom demands. Paying ransom encourages and incentivizes criminals to attack other organizations. In the long run that makes it more expensive for all.

Chris Van Gorder, Scripps Health

NO: In the short run, it absolutely would have been cheaper to pay a ransomware demand, but not in the long run. Giving in to extortionists is the same as giving in to terrorists. It just encourages them and others to attack more vulnerable sites in the future. That means the cost and risk to society will increase. Better to spend money up front to harden the target than to pay a ransom or the repair costs later.

©2018 The San Diego Union-Tribune Distributed by Tribune Content Agency, LLC.