Are you seeing any progress around how companies are directly addressing ransomware?

Security & GRCThreat & Vulnerability ManagementCrisis Management
1.9k views1 Upvote4 Comments
CISO in Software, 51 - 200 employees
It's a balance of how you want to do it. In every forum on ransomware that I'm in, they talk about recovery—having good backups and a good playbook on recovery, etc. I never hear anything about being proactive or doing anything preventative except to follow these guidelines and make sure you have these three things in place so you'll be in a better position. 

It saddens me to see ransomware in the news every day, especially when it hits hospitals and affects patients because of my background in biotech. It's totally avoidable, but every hospital CIO I talk to says, "We don't have the budget to change anything, but we have CrowdStrike and we paid the five million dollar ransom and that's fine."
2
Board Member, Former CIO in Software, 10,001+ employees
I am the soon-to-be chair of the cyber subcommittee for one of my boards which is a relatively new thing. I haven't seen other boards form cyber subcommittees yet, but I expect this will be quite common because audit committees are basically full of finance people—they're CFOs.  I usually chair the audit committee and it includes PWs and the auditors among other folks. They're not technically savvy, so they don’t really understand how to deal with the risk. Security, in general, has been the issue, but ransomware has gone from an obscure risk to being front and center.
3
Senior Information Security Manager in Software, 501 - 1,000 employees
Slow. progress.

Ransomware is a major threat and firms need to be prepared, which many are not.

Here's a new book on the topic worth reading: Ransomware Protection Playbook

 

 

https://www.amazon.com/Ransomware-Protection-Playbook-Roger-Grimes/dp/1119849128
1
Director of IT in Software, 201 - 500 employees
Progress is slow. One thing the ransomware improved was understanding the value of good and tested backup solution and indirectly it increased the backup usage.

Content you might like

If you use an air-gapped backup solution, would you say there are drawbacks?

CloudGovernance, Risk & ComplianceSecurity & GRC+13 more

Slow recovery response times34%

Data availability is limited49%

Too expensive to scale effectively52%

Difficult to manage for widespread use37%

Prone to misconfiguration12%

No - There are no drawbacks7%


567 PARTICIPANTS
1.8k views3 Upvotes

Are you using OWASP ZAP currently at your org to scan web apps?

Secure Code & Automation (DevSecOps)Threat & Vulnerability ManagementVendor/Product Recommendation

Yes70%

No30%


93 PARTICIPANTS
401 views

CISOs/heads of security - when capacity constraints are getting in the way of your goals, do you generally feel comfortable explaining this to your exec team? How do you approach that convo without potentially inviting doubts about your own capabilities?

Internal CXO RelationshipsSecurity & GRCAvailability & Capacity Management
Read More Comments
977 views2 Comments

Did anyone else catch this stat on Crunchbase: "M&A deal-making in the cybersecurity space continues to slow with only 13 deals announced for VC-backed startups in the first quarter of the year"  Do you think the decrease in cybersecurity M&A is going to impact innovation or could it lead to consolidation in terms of vendor offerings (that is perhaps a needed change)?

Security Strategy & RoadmapSecurity & GRCInnovation
Read More Comments
1.2k views1 Upvote4 Comments

What's a quick win for optimizing spend? What's been your focus or "lowest hanging fruit"?

People & LeadershipStrategy & ArchitectureCloud+28 more
Read More Comments
1.5k views4 Upvotes3 Comments