Are IT leaders losing the fight against ransomware?



CISO in Software, 51 - 200 employees
It's a never-ending circle of madness, and hopefully somebody is going to get their head around it one of these days. I know as IT and security people, we can do better, and I know we're going to have some solutions out there in the future instead of just being reactive to everything. I attended a virtual conference recently and every session was about ransomware. Every single solution was, "Make sure you have a good backup system." That's part of the solution, but it's not the full thing. What's stopping it? Where's the zero trust? Where's the protection of all your assets? 

Let's separate everything in VLANs. That's what we did for biotech and pharma companies too. Was that effective? For the most part. But we had million-dollar robots sitting on this particular VLAN, and they're controlled by Windows XP or Windows 7 machines that are dictated by the vendor. You can't upgrade them, you can't put antivirus on them and you can't patch Windows. What do you do in those situations? We had to knock them off the internet and deny them access, but when the vendor technician came in to fix it, they'd stick their USB drive in there and blow up the whole machine. Then we'd be down for three days while they were rebuilding the Windows machine.
Chief Information Officer in Finance (non-banking), 201 - 500 employees

But ransomware protection is different from Zero Trust. I want to make sure that we don't conflate the two. Zero Trust is about access and authentication, and it's a little different from the ransomware attacks that might come in an email attachment or malicious web link.

VP IT & Ecommerce in Finance (non-banking), 51 - 200 employees
We've now mostly moved away from VPN and using dual factor authentication and all the applications, but what worries me the most is the applications and the services that we've built talking to each other. We have a handful of users with VPN access, and those are always the worrisome ones, but those are the folks within IT. We still need to figure out how to secure them. We do our best and as a practice, we stress that everyone does only what they really need to do on those machines using VPN. No personal work can be done on those machines, not even checking personal emails. We’re extra cautious, but the risk is there.
CISO in Software, 51 - 200 employees

I'm from the pharmaceutical industry and we have tons of policies. I get audited every quarter for some reason, or probably even more frequently than that, and as long as we check the boxes on all these audits, they're like, "Hey you guys are good." But that doesn't make us any safer from attack.

Managing Partner in Services (non-Government), 11 - 50 employees

That's a prudent man’s defense. "We passed the audit. Yeah, we got breached but we were doing the right things." But not right enough.

Director of IT in Healthcare and Biotech, 10,001+ employees
Win or lose here is somewhat grey. At the individual battle level, some battles are won by IT organizations, and some by ransomware entities. But the war continues on and I think it will continue for the foreseeable future. Ransomware is going to be here for some time.
The challenge here is to be a couple of steps ahead of them and have a robust mitigation plan in place if you end up losing in one of those battles.
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
It's not a single battle that's being fought. At the same time they're trying to defend against ransomware they're also fighting:

Stakeholder complacency
Investor aversion
Decision paralysis

And at the end of it is a regular member of staff who clicks the wrong thing because they don't know any better.
