What is the most critical step in preventing Ransomware?

Governance, Risk & Compliance Security & GRC

Employee Education32%

Data backups62%

Disabling Macros3%

Other (comment below!)1%

197 PARTICIPANTS

3.7k views2 Upvotes3 Comments

Sort by:

CISO in Softwarea year ago

Patching and vulnerability management is #1 and should be on this list!

VP, Information Technology in Consumer Goods4 years ago

Employee training (with testing and tracking)
Phishing simulations (with re-training for people who fail)
Patch your systems and remove technical depth as quickly as you can.

Director in Software4 years ago

Employee trainings (fix the weak link)
Tech controls
Tested & proven recovery mechanisms

Content you might like

What are the biggest technical challenges preventing organizations from being able to use their existing data to enable digital transformation?

Finding data and putting it to good use13%

Controlling the security and privacy of data45%

Understanding how data is currently being used20%

All of the above19%

None of the above1%

View Results

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

Does someone have advice on how they have balanced the risk/reward as it relates to introducing Open-Source Software to organization? My org is dipping its toe into the OSS world and the architecture and risk governance teams are looking to get ahead of these requests by coming up with policies and standards for OSS technology being brought into our environment. To clarify, this is not for software development and CI/CD pipelines, SDLC etc. This is for installing solutions that already exist out there (Zabbix, GreyLog, Prometheus etc.) into the organization's environment. We are looking to provide a balance on the obvious risk with the ability to move fast (like everyone else now).

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

What is the most critical step in preventing Ransomware?

Sort by:

Content you might like

What are the biggest technical challenges preventing organizations from being able to use their existing data to enable digital transformation?

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go