The victims of ransomware attacks span all sizes of companies across all industries. From multinational banks to massive healthcare institutions, it seems that no company is safe. This year alone, organizations as diverse as the UK’s National Health Service, San Francisco’s KQED public radio and Russian energy company Rosneft have all been struck, and struck hard.
Whether it’s WannaCry, Locky, Cerber, CyptXXX or the next oddly named attack that’s likely being developed right this minute, recovering from an attack is high on the list of IT professionals everywhere.
With that in mind, we wanted to know what single question security experts thought companies should ask about ransomware, and know the answer for their business. This is the subject of our upcoming webinar on ransomware, “What is the number one ransomware question businesses should ask now?”
To preview the webinar, we asked three experts what they think.
Dan Lohrmann is chief security officer for Security Mentor, an organization that provides online security awareness training. He is recognized as a global IT security thought leader, and served as chief information security officer (CISO), chief security officer (CSO) and chief technology officer (CTO) for the state of Michigan. Based on his experience in the public and private sector, Dan said: “Are we 100% sure that all data is properly backed-up, and have we tested our ability to restore business operations quickly in the event of an incident?”
Tyler Carbone, chief product officer and head of customer success at Terbium Labs, a dark web intelligence company, had backups on the mind, as well: “Do I have consistent, clean and frequent offsite backups?”
As an experienced consultant, and founder of multiple technology businesses, he brings his entrepreneurial background into his role at Terbium, and when starting a company, you are vulnerable. “You need to assume that you’re vulnerable,” he explains. “So the #1 question is to confirm that, if you have a problem, you’ll be able to recover from a backup that’s as recent as possible.”
Finally, Scott N. Schober, renowned author of Hacked Again (and president and CEO of Berkeley Varitronics Systems, Inc., which designs cell phone detection, RF analysis and wireless threat detection tools), wrapped it up with the overarching question: “Is my business prepared for a ransomware attack?”
Scott continues that being prepared, including “a regular backup plan in place for all computers and mobile devices, regularly updating all applications and operating systems with the latest security patches, and continually educating employees on the dangers of phishing scams,” is the best way to be in a position to not pay the ransom.
After all, “Businesses that pay a ransom, no matter how small a fee, embolden and legitimize cyber thieves as business ‘partners’ and also create a relationship that invites future extortion.”
That’s the real goal, right? Not paying the ransom, and recovering your business’s data and apps with a minimum of downtime.
To get more information on how you can be as prepared as possible for any ransomware attacks that may come your way, be sure to tune into our webinar.