Do you believe that ransomware is inevitable?

Risk ManagementThreat & Vulnerability ManagementCrisis Management
1.4k views3 Comments
CISO in Software, 51 - 200 employees
During a CISO roundtable I heard people say that we simply have to accept that ransomware is going to happen. I don't believe that. We can approach these zero-days and malware in a lot of different ways. When I was an infrastructure guy, I couldn't say, "Oh, it's inevitable that these servers will be down, so production will be out for three weeks. It's just what happens in IT.” That would never be acceptable. And yet, we're accepting that the attackers are already in and moving around our network because of the way our networks are designed.
2
Managing Partner & CISO in Software, 11 - 50 employees
I like to draw this correlation: Is it possible to prevent 100% of kidnappings? Because every large company has a kidnapping policy as well as protection, insurance and steps for mitigation. I don't think it is possible; it depends on where you're operating, but there is not a 100% security of it. Ideally, we don't want to have rampant kidnapping attacks across US Corporations. They’d be horrific hostage attacks. So I think ransomware is a similar situation: You don't want to have a lot of it. But most networks are so negligent at this point that it's trivial to execute ransomware at scale.
2
Chief Information Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Unfortunately, ransomware attacks have become so frequent that it is practically unavoidable at this point. Ransomware extracted at least $590M in the first half of 2021 alone – more than the $416M tracked in all of 2020, according to the US government’s Financial Crimes Enforcement Network (FinCEN). Ransomware-as-a-Service (RaaS) tools even allow ransomware's developers to profit from cybercriminal affiliates who deploy it against victims! I heard a great quote on this issue, “Ransomware attacks are inevitable. Paying the ransom isn't”. Until some very tough decisions are made around what is needed to stop the ransomware problem, it will remain inevitable.
2

Content you might like

How confident are you that your board genuinely understands the potential impact a security breach could have on your organization?

Board EngagementAwareness & TrainingRisk Management

Very confident - they get it23%

Somewhat confident - they have some understanding72%

No confidence - sad, but true5%


75 PARTICIPANTS
434 views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
46.4k views133 Upvotes323 Comments

Do you have a clear understanding of your legal liability in case of a breach?

Risk ManagementGovernance, Risk & ComplianceSecurity Strategy & Roadmap

Yes47%

Only partial understanding44%

No5%

Unsure2%


329 PARTICIPANTS
1.7k views

What are some ideas to keep up team morale remotely? Are there specific or structured adjustments you've made to counteract burnout/keep up productivity and mental health?

People & LeadershipProcess ManagementTeam & Organizational Design+9 more
Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
10
Read More Comments
13.3k views27 Upvotes67 Comments

There are so many types of social engineering attacks – how should we determine which ones to focus on for employee security awareness training?

Awareness & TrainingThreat & Vulnerability ManagementSecurity Strategy & Roadmap
892 views2 Comments