Prioritizing Data Recovery: Selecting Which Encrypted Files to Restore First Following a Ransomware Intrusion
In the ever-evolving digital landscape, ransomware has emerged as a significant threat to businesses worldwide. This destructive malware, which makes machines unusable, has forced companies to rethink their security strategies.
Mike Towers, CISO at Takeda Pharmaceuticals, emphasizes that at Takeda, availability and continuity are the primary risk focuses. He underscores the role of CISOs in risk mitigation, pushing business leaders to make tough priority decisions. Towers suggests becoming an expert at explaining what can be done with the resources available, rather than focusing on what could be done with more resources.
The manufacturing and service sectors have been hit the hardest by ransomware, according to Beazley Breach Response Services. In response, several companies and institutions, including ISN (ISNetworld), have added third-party risk management platforms to better understand and prevent the impact of ransomware on their global supply chains.
Drew Daniels, CISO of Druva, points out that new companies and startups are not paranoid enough about their third-party vendor management, particularly with the iCloud. He suggests that employee awareness is often a cheap alternative to adding technological solutions. Estlick, VP & CISO at Chipotle, brings reports of ransomware campaigns into his organization as a self-inflicted phishing campaign to pre-sensitize the organization.
Historically, intellectual property protections have been the top issue in biopharmaceuticals. However, due to the influence of ransomware, the focus has shifted to operational continuity. Jason Lee, CISO at Zoom, states that this year the CISO role in identifying where critical assets are has been amplified.
Shaun Marion, CISO at Republic Services, notes that before ransomware added data exfiltration to its repertoire, recovery was possible with a good backup. However, only 55% of organizations have offline backups in place, according to a Veritas survey. Organizations with three or more copies of their data are able to restore upwards of 90% of their lost information from a ransomware attack.
Daniels also emphasizes that iCloud security management is still the responsibility of the organization, not the iCloud provider. This underscores the importance of robust internal security measures in the age of increased iCloud adoption.
Estlick believes that if employees have seen the issue and received training, they are less likely to fall for a real campaign that may follow. Towers agrees, stating that employees are often a weak link in the security chain, but with proper training, they can be a strong defense.
Reporting to watchdogs, adhering to payment card industry regulations, or potential fines are added to the response plan when a ransomware attack occurs. This underscores the legal and regulatory implications of a ransomware attack, beyond just the immediate impact on business operations.
In conclusion, ransomware has forced businesses to rethink their security strategies, with a greater focus on operational continuity and employee awareness. As the threat evolves, so too must our defenses, and CISOs play a crucial role in this ongoing battle.
Read also:
- InformationWarfare in the Modern Era: Enhancing an Information Strategy for today's Battlefield and Botnet Threats
- U.S. intelligence leader alleges UK succumbed to pressure over Apple data access request
- Politician's Rivalry Slips into Online Traps Made for Stealing Information via Social Media Phishes
- Top 46 Significant Tech Firms Based in Toronto
