7/23/19 - Who Are the Perfect Targets for Ransomware?
On this week's episode of CISO/Security Vendor Relationship Podcast, "Who Are the Perfect Targets for Ransomware?", Mike Johnson and our guest Sean Walls, VP, cybersecurity, Eurofins, discuss:
Test your incident response team.
It's one thing to have an emergency plan, it's another to know if it works. Run drills and work out the kinks during exercises so you don't need to deal with it when the real problem happens.
Ideal ransomware targets have lots of critical data, poor security, and plenty of insurance.
Unfortunately, small municipal governments unprepared for ransomware attacks have become unwitting prime targets. They've been victims of extortion fees into the hundreds of thousands of dollars.
Not always a straight comparison between actual ransom vs. cost to fix.
The costs to combat a ransomware attack often include infrastructure expenses that had been put off for some time. The cyberattack forced their hand to make the changes. For that reason, it's often inappropriate to compare the two. Meaning, you can't necessarily say that if they had paid the ransom they wouldn't have had to incur these infrastructure expenses. Often it's a situation where they would have had to incur the expense eventually, and if they didn't, they would be susceptible to many more ransomware attacks, making the situation even more expensive.
Never negotiate directly with the extortionists.
Bring in the authorities as they have negotiating expertise that can help you negotiate down the cost of the ransom.
Align security to the business.
We talk about this a lot on the podcast, but in most cases you should be able to align all security expenses to a specific business outcome.
Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Core Security.
Assigning and managing entitlements rapidly to get employees the access they need is critical, but it can come at the cost of accuracy and security.
Identity governance and administration (IGA) solutions provide the intelligent, visual context needed to efficiently manage identity-related security risks across any enterprise.
We talk a lot about penetration testing here, given that it remains a staple of proactive IT security. But not everyone feels it's all it's cracked up to be. Or should that be, all it's hacked up to be? More than one cybersecurity organization points out there are a few flaws in the pen testing concept that make it worth a second look.
Pen testing often consists of a small collection of attacks performed within a set time period against a small sample of situations. Some experts doubt the efficacy of testing against a limited field of known vulnerabilities without knowing what other weaknesses exist, whether in plain sight or merely invisible to jaded eyes.
Check out more Cloud Security Tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company's data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.
I want more "What's Worse?!" scenarios
The most popular segment on the CISO/Security Vendor Relationship Podcast is "What's Worse?!" And thankfully, I've got lots of smart and active listeners who like to think about bad things happening. While many have contributed scenarios, this podcast keeps moving on and I'm always on the prowl for more, More, MORE!
Got a good one for me? Go ahead and send it to me privately (that's key, don't publish it), or just reply to this very newsletter. Make sure to let me know if you'd like me to quote you. I want to give credit for providing wonderfully miserable scenarios.