12-01-20 - Why Is 'Pay the Ransom' In Next Year's Budget?


CISO Series

This week's episode of CISO/Security Vendor Relationship Podcast, "Why Is 'Pay the Ransom' In Next Year's Budget?", is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Les McCollum, managing VP, CISO, ICMA-RC. All three of us discussed:

Are you taking into account all variables when considering paying the ransom?

With a whopping 25 percent of all ransomware victims paying the ransom, paying has become part of the security plan. But does doing that actually accomplish anything? Ransomware is no longer just encrypting your data; it's also data theft and public exposure. Have you calculated what the reputational risk of paying the ransom will cost? Also, after you've paid, you're a known entity that will pay, so you will be a target to get hit again and again. Most companies upgrade their security programs after an attack. Do you know how much you'll be spending on that?

How do you create a culturally sane group that's diverse?

I always hear forward-thinking managers claim they want "culture fit" and "diversity". But the two often seem diametrically opposed. Culture fit speaks to monoculture, which is far from diversity. What they are really after is 'value fit', not 'culture fit'.

We have unconscious bias, accept it.

We all live with unconscious bias, and we often don't express it maliciously. Accepting that it's real, and that we ALL have it in various forms, is key. When it's pointed out, don't shame the person for having it, and the person who has it shouldn't feel shame for expressing the unconscious bias. Just know you did it, try to improve, and move on.

You can't plan for every budget instance, but you can prioritize.

A lot will change in a year, and it's hard to plan your budget accordingly. But it's very important to understand the priority of each request or each demand. If you have a clear understanding of that and of your risk register, then you'll be able to budget accordingly.

Special thanks to this week's podcast sponsor, BitSight.

BitSight is the most widely used Security Ratings service, with a mission to change the way the world addresses cyber risk. Learn how BitSight for Third-Party Risk Management helps you efficiently mitigate the growing risk across your vendor ecosystem by taking an automated, data-driven approach.

Cyber Security Headlines

Cyber Security Headlines - November 30, 2020

This week's sponsor of Cyber Security Headlines is SecureLayer7.

This Friday [12-4-20] We're Hacking User Access

Please join us on Friday, December 4th, 2020 at 10 AM PT/1 PM ET for "Hacking User Access: An hour of critical thinking on managing initial and ongoing access to network and data". I'll be leading this discussion with Chris Hatter, CISO, Nielsen, and Corey Marshall, director of solutions engineering, F5.

STICK AROUND FOR THE CYBERSECURITY SPEED DATING!

Immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup, where we'll match everyone who shows up with another cybersecurity professional. And we'll do it five times in less than 30 minutes.

Thanks to our sponsor F5

Best Bad Idea for Hacking Data Protection and Visibility

Subscribe to all our podcasts

Click any of the podcasts below to get access to the subscription feeds. If you're already a subscriber, thank you!