Has ransomware become more prevalent or just increasingly publicized?

Governance, Risk & ComplianceSecurity & GRCRisk Management+5 more
2.3k views1 Upvote3 Comments
Head of Business Technology in Software, 201 - 500 employees
There is a lot of debate about whether the rise of ransomware has happened because of cryptocurrency. Cryptocurrency has been here and the way I see it is, there's honey, so all the flies are coming for it. If there is money, crooks will come out. 51% of the companies hit by ransomware are hit again within 3 months because people noted that they paid and then didn't increase their protection. We need to figure out how to recognize it, how to protect against it and what we can do about it if it happens. But there are costs involved.

For me as a business technology guy, I need to understand where I should put my dollars. There are 30-40 different security applications in an organization. That's too many.
1
Chief Information Officer in Education, 5,001 - 10,000 employees
Ransomware is a concern because we have so many accounts and a massive amount of data. In the last 18 months or so, the public sector's been hit quite hard in those spaces because hackers suddenly realized that if you don't have a CISO or a security team, the defenses are down, so they’ll go after those organizations. It makes it really difficult.

I've got 56K students that are all authenticated on the network. They can go down to the public library, get a book on hacking and then come back as pre-authenticated hackers. We've had a denial of service attack by a kid in middle school who didn't quite know what he was doing. So there's an internal focus on those pieces, but school districts have a hard time. They don't have the funds or resources.
2
Head of Security in Software, 501 - 1,000 employees
When somebody asks me, "What are you doing about ransomware?" the trouble I have is that ransomware is nothing new. It’s been around for years but recently gained attention because the whole east coast was shut down by the Colonial Pipeline incident. 

As someone coming from a consulting and financial background, ransomware has always been on the table. It’s just that people did not talk about it as much and it was swept under the rug called incident response and management. So if you have an incident response plan, then by extension it was your incident response plan for ransomware. That is how it has been treated until now.
1

Content you might like

Are you going to Blackhat Asia?

Threat Intelligence & Incident ResponseSecurity Strategy & RoadmapPersonal Development

Yes60%

No40%


81 PARTICIPANTS
593 views1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
47.1k views133 Upvotes325 Comments

What services matter most (or are your favorite) in alignment with your cloud provider? i.e. Database/warehouse (like Redshift), analytics, AI/ML…

Strategy & ArchitectureCloudEnd-User Services & Collaboration+24 more
Read More Comments
1.9k views3 Upvotes2 Comments

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
657 views1 Comment

What is the primary security concern for companies regarding AI?

SecuritySecurity & GRCSecurity Strategy & Roadmap+15 more

Malicious use of AI algorithms for targeted cyberattacks20%

Unauthorized access to sensitive AI models and data68%

Adversarial attacks compromising the integrity of AI systems9%

Lack of transparency and explainability in AI decision-making processes3%


74 PARTICIPANTS
257 views