How are you defending yourself against ransomware?

Governance, Risk & ComplianceSecurity & GRCRisk Management+6 more
166 views5 Comments
CEO, 51 - 200 employees
One of the things I've been working a lot with my clients is to plan for failure. Assume that you will be violated. What happens then? What sort of policies, what kind of steps should you have in place, what kind of technologies do you have? Design for failure. Design for fragility so that you can create a more robust environment.

Fortunately, none of our customers have had ransomware incidents, but they are all very concerned about it. They’re looking at ways in which they can better manage their situation, including education. Technology's one solution, but they feel like the first thing they need to do is to educate their people to ensure that they understand the simple things. So it becomes a cohesive effort. Our organization is worried about ransomware and the first thing we're doing is educating everyone to take the right steps, like not opening emails of a suspicious nature, but also to plan for failure.
3
Head of Security in Software, 501 - 1,000 employees
I have a tool for app security that essentially gives me trends on how I'm doing on product security. My Security Information Management (SIM) is my single pane of glass on the operations side. I do integrate with my Endpoint Detection and Response (EMDR) solution and cloud ecosystem to give me more than just alerts. I am a numbers guy. Numbers speak to me better than colors, so I look at trends. If I am seeing a trend around a certain event or type of event, that is my target. If we are seeing similar event types like phishing, then that is my point of attack for the next quarter, and it establishes my immediate short-term goals.

I have a similar approach for Data Loss Prevention (DLP). DLP, is a beast by itself, so I don't have a single pane of glass for it. The tool itself is the metric there. When I joined this organization, I did not do an entire inventory assessment, I did a risk assessment of it. I took an inventory of what my attack surface is like: What is the risk and what is the potential of those risks being realized as threats? I mapped it into an OWASP or MITRE ATT&CK framework, and came up with a strategy to let the risk drive my implementations and initiatives, as opposed to just classifying assets and other initiatives.
1 2 Replies
Chief Security Officer, VP of Info Svc, Analytics and Cloud Infra & Operations in Software, 201 - 500 employees

That's what you have to do. KPIs and risk assessments are valuable—especially with boards and CEOs—to be able to get the funding you need.

3
Head of Security in Software, 501 - 1,000 employees

Exactly. Your data is speaking, so there is no reason for senior management to turn down some of this logic. Second thing, you readily have these metrics to share with the board on, whenever, on a quarterly or biannual basis, so that it's already there.

Director in Manufacturing, 1,001 - 5,000 employees
Off-site storage of backups every 12 hours on critical systems

And off-site storage of my resume
2

Content you might like

Which EDR has less false positives?

Security & GRCIT Strategy & RoadmapSecurity Strategy & Roadmap

crowd strike38%

sentinel one58%

carbon black5%

cynet0%


40 PARTICIPANTS
304 views

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
195 views1 Comment

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.31%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.52%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


352 PARTICIPANTS
9.2k views9 Upvotes1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
46.5k views133 Upvotes324 Comments

What are some ideas to keep up team morale remotely? Are there specific or structured adjustments you've made to counteract burnout/keep up productivity and mental health?

People & LeadershipProcess ManagementTeam & Organizational Design+9 more
Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
10
Read More Comments
13.4k views27 Upvotes67 Comments