How are you defending yourself against ransomware?

InfrastructureSecurity & GRC
220 viewscircle icon5 Comments
Sort by:
Director in Manufacturing4 years ago

Off-site storage of backups every 12 hours on critical systems

And off-site storage of my resume

Lightbulb on2
Head of Security in Software4 years ago

I have a tool for app security that essentially gives me trends on how I'm doing on product security. My Security Information Management (SIM) is my single pane of glass on the operations side. I do integrate with my Endpoint Detection and Response (EMDR) solution and cloud ecosystem to give me more than just alerts. I am a numbers guy. Numbers speak to me better than colors, so I look at trends. If I am seeing a trend around a certain event or type of event, that is my target. If we are seeing similar event types like phishing, then that is my point of attack for the next quarter, and it establishes my immediate short-term goals.

I have a similar approach for Data Loss Prevention (DLP). DLP, is a beast by itself, so I don't have a single pane of glass for it. The tool itself is the metric there. When I joined this organization, I did not do an entire inventory assessment, I did a risk assessment of it. I took an inventory of what my attack surface is like: What is the risk and what is the potential of those risks being realized as threats? I mapped it into an OWASP or MITRE ATT&CK framework, and came up with a strategy to let the risk drive my implementations and initiatives, as opposed to just classifying assets and other initiatives.

Lightbulb on1 circle icon2 Replies
no title4 years ago

That's what you have to do. KPIs and risk assessments are valuable—especially with boards and CEOs—to be able to get the funding you need.

Lightbulb on3
no title4 years ago

Exactly. Your data is speaking, so there is no reason for senior management to turn down some of this logic. Second thing, you readily have these metrics to share with the board on, whenever, on a quarterly or biannual basis, so that it's already there.

CEO4 years ago

One of the things I've been working a lot with my clients is to plan for failure. Assume that you will be violated. What happens then? What sort of policies, what kind of steps should you have in place, what kind of technologies do you have? Design for failure. Design for fragility so that you can create a more robust environment.

Fortunately, none of our customers have had ransomware incidents, but they are all very concerned about it. They’re looking at ways in which they can better manage their situation, including education. Technology's one solution, but they feel like the first thing they need to do is to educate their people to ensure that they understand the simple things. So it becomes a cohesive effort. Our organization is worried about ransomware and the first thing we're doing is educating everyone to take the right steps, like not opening emails of a suspicious nature, but also to plan for failure.

Lightbulb on3

Content you might like

As enterprise AI adoption accelerates, how is your organization adapting its governance and risk oversight to keep pace?

Established AI governance framework with defined policies and oversight37%

Currently developing governance models and risk controls63%

Relying on existing security/compliance frameworks (no AI-specific policy)26%

No formal AI governance approach in place4%

View Results

Do you have controls in place to protect your virtual machines from hyperjacking attacks, in which bad actors target the hypervisor with malicious code?

Yes29%

We’re currently implementing these controls53%

We’re currently exploring solutions10%

No7%

Other (please specify)

View Results

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group.  Before we start we should conduct a risk assessment -  my question is: can you recommend a tool or template?

Read More Comments

I am looking for insights on establishing an Architecture Review Board (ARB) within our organization. As we aim to enhance our architectural governance and ensure alignment with our strategic objectives, we recognize the importance of setting up an effective ARB. To this end, I would greatly appreciate your guidance on the following aspects:       1. Establishing a Charter: What key elements should be included in the ARB        charter to clearly define its purpose, scope, and authority?       2. Member Selection: What criteria should we consider when selecting members for the ARB to ensure a diverse and knowledgeable board?       3. Review Process: Could you share best practices for structuring the review process to ensure thorough and consistent evaluations of architectural proposals?       4. Decision-Making: What are effective methods for making decisions within the ARB, and how can we ensure transparency and accountability?       5. Documentation and Communication: What templates or tools would you recommend for documenting reviews and communicating decisions to stakeholders?      6. Measuring Success: How can we establish criteria for measuring the success and impact of the ARB on our architectural practices? Your expertise and experience in this area would be invaluable to us as we embark on this initiative. Any additional insights or resources you could provide would be greatly appreciated. 

Read More Comments

Procurement of bitcoin in ransomware situation.  What are folks doing to prepare for the need of a large purchase of bitcoin in the need to pay ransomware. Yes ideally we would take the "we'll never pay approach" however, I think it's important to be realistic and in certain circumstances you may need to cross that line. 
Are you tied into a retainer of some sort with an exchange or Bitcoin holding firm?

Read More Comments