Kansas State University suffered a cybersecurity breach this week. School officials are investigating the incident. GroupSense CEO Kurtis Minder provided commentary to The Mercury on the incident, lending his expertise on the results of most cyber incidents. Check out the excerpt below or read the full article here.
Kurtis Minder, the founder and CEO of GroupSense, said resolving a conflict with hackers usually results in some form of payment. Minder’s company is not working with K-State on the incident, but he is considered one of the leaders in the field of cybersecurity.
He said even if K-State doesn’t have to pay any fees to the hackers, the university is still going to have a “bad day” at the end of the attack.
“In some cases, companies will have really good backups and fairly refined, or practiced, business continuity processes that they can put into place and restore their systems and get back up running without paying,” Minder said. “There’s still a pretty negative outcome, though, and that is when you don’t pay the bad guys. Let’s say you can restore the operational nature of your systems without paying them; they still took all that information from you.”
Minder said organizations that don’t give money to hackers still pay a price.
“What they do to punish you for not paying is they release or sell that data to other bad guys,” Minder said. “For example, all the HIPAA and regulatory stuff will come into play because they’re going to dump all that student information in a public forum to punish you for not paying.”
He said K-State’s announcement “sounds like a duck,” meaning the details surrounding the university’s security breach is familiar to what he does for a living.
The FBI warns ransomware victims that paying money to hackers is not a guarantee that they’ll return the information — and in fact, it can lead to further criminal activity. But as Minder told The New Yorker in a 2021 article, some entities can’t just shut down while authorities investigate.