The Anti-virus Times

Wednesday, September 7, 2016

In today's world of isolated individualists, only the most thoughtless person could think that he/she depends on no one.

Everyone works somewhere—and it doesn’t matter whether you’re employed by a state agency or a private company, there are several activities everyone has in common, for example—receiving and sending email, making phone calls, visiting websites, and using Internet resources that were created to maintain internal and external work flows. In many organisations, there are special people who ensure that Internet services function smoothly—system administrators.

But few stop to think about what other employees (non-IT specialists) go through if one person inadvertently lets malware into the corporate network (perhaps, this person wasn’t paying attention, was tired, or didn’t know any better—the reasons can vary).

For example, what will the company accountant have to do if you inadvertently open a message containing encryption ransomware? And what, you may ask, do the accountant and malware have to do with anything?

Anytime malware penetrates a corporate network, there’s financial damage. That’s how an entire company is threatened when just one PC is involved in the launch of encryption ransomware.

1. Individual employees or the company as a whole must suspend activities. For example, because certain computers and servers have malfunctioned.
2. Various documents are lost.
3. The company must pay a ransom to the attackers.

Moreover, the consequences of each virus incident have to be eliminated—this also requires money, and in this case the company must shell it out. But a company isn’t a cash cow that you can just take money from and spend any way you like. A company must report its expenses, and write off its losses according to the law and the rules of accounting and taxation.

And it’s at this point that a caveat arises. Before a company can write off the money it has paid to cybercriminals, a government agency must investigate the matter in order to establish whose actions caused the losses. In the case of encryption ransomware, this is almost always impossible.

The fact that none of a company’s employees were found to be guilty must be documented—the company must obtain a copy of the official decision to suspend the preliminary investigation due to the failure to identify the person to be named as defendant, or a copy of the official refusal to open a criminal investigation.

And only when a company has a copy of any of these documents does it have the right to include the amount of the losses it’s incurred from the theft in the unrealised expenses of the reporting (tax) period during which the government agency’s decision was made. As you can imagine, this will take more than a month. And time is money, too (in this case—losses)!