What are organizations getting wrong when it comes to fighting back against ransomware?

Security & GRCThreat & Vulnerability Management
2.9k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
CEO in Services (non-Government)4 years ago

Making several false assumptions:
Thinking that it can't happen to them.

Believing more frequent backups are the solution.

That ransomeware is a direct result of things like email vulnerability, when a patch/update or code in a back office system can transmit the ransomware as well.

That both ISP or MSP/SaaS are safe.
Lastly, that equipment on a factory floor is immune when it isn't.

Lightbulb on2
Senior Director, Technology Solutions and Analytics in Telecommunication4 years ago

It's possible to reduce your risk, but you have to make cybersecurity a priority in your organization.

Lightbulb on1
CISO4 years ago

We're talking about sophisticated attacks these days and there are industries that are critical to the country but complain about basic user access review at the same time. There are COOs and CFOs saying they don't want to go through a review of who has access to what for their own direct reports. They actually want to delegate it to their secretary, it’s unbelievable.

Lightbulb on2
CISO in Software4 years ago

No matter how security aware you are, no matter how smart you are, people are human and they make mistakes—that's an endemic problem in our industry. The other big pet peeve of mine is that all these companies invest so much in prevention and they forget about detection and response. It's 2021 and I just read a report a couple of weeks ago that the average time to discover a web vulnerability is over 200 days. That's appalling.

Lightbulb on1

Content you might like

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Read More Comments

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

We implemented Oracle HCM recently including Redwood.  Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results