What are organizations getting wrong when it comes to fighting back against ransomware?

Security & GRCSecurity Strategy & Roadmap
2.9k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
CEO in Services (non-Government)4 years ago

Making several false assumptions:
Thinking that it can't happen to them.

Believing more frequent backups are the solution.

That ransomeware is a direct result of things like email vulnerability, when a patch/update or code in a back office system can transmit the ransomware as well.

That both ISP or MSP/SaaS are safe.
Lastly, that equipment on a factory floor is immune when it isn't.

Lightbulb on2
Senior Director, Technology Solutions and Analytics in Telecommunication4 years ago

It's possible to reduce your risk, but you have to make cybersecurity a priority in your organization.

Lightbulb on1
CISO4 years ago

We're talking about sophisticated attacks these days and there are industries that are critical to the country but complain about basic user access review at the same time. There are COOs and CFOs saying they don't want to go through a review of who has access to what for their own direct reports. They actually want to delegate it to their secretary, it’s unbelievable.

Lightbulb on2
CISO in Software4 years ago

No matter how security aware you are, no matter how smart you are, people are human and they make mistakes—that's an endemic problem in our industry. The other big pet peeve of mine is that all these companies invest so much in prevention and they forget about detection and response. It's 2021 and I just read a report a couple of weeks ago that the average time to discover a web vulnerability is over 200 days. That's appalling.

Lightbulb on1

Content you might like

Which best describes your knowledge of the number of IoT devices (both managed and unmanaged) in your system’s network?

I know the exact number19%

I don't know the exact number, but have a dashboard that can tell it to me.62%

We don't have a way to determine that number currently.18%

View Results

What would be the strategy to raise awareness among small businesses about investing in Cybersecurity?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

No Increase17%

1-5% increase46%

6-25% increase24%

26-50% increase7%

51-75% increase1%

76%+1%

Other2%

View Results