As business executives fret over how easily companies continue to fall victim to ransomware, they may actually be missing the bigger picture: that the attackers behind the scourge could actually do a lot worse damage if they wanted.

“These attackers have got complete administrative control of the IT department,” warned Chris Williams, chief cybersecurity architect at solution security provider Leidos, today at SC Congress Toronto. “That isn’t in the headlines You have to read between the lines to figure that out.” In truth, added Williams, ransomware attacks could “blow away” a victimized company’s IT systems, destroy its data or drain back accounts down to nothing. From that perspective, compromised companies are lucky if ransomware is their biggest problem, he explained.

Williams said he expects the ransomware epidemic to continue to be a raging trend “until we embrace new paradigms of cybersecurity,” including more efficient crisis management practices. Williams’ advised conference attendees on how to successfully negotiate such crises by fostering stronger relationships and communication with upper management and employees.