Jan 8, 2022

C-suite leaders are confident in ransomware protections, despite more attacks

While it’s important for non-IT and security leaders to have buy-in, CISOs have the responsibility to level with their C-suite counterparts on the true threat of ransomware. 
“If cybersecurity professionals feel their C-suite is overconfident about ransomware, it’s time to speak up and deliver a dose of reality,” the report said. 
Regulatory fines caused by a ransomware attack are the top concern for respondents, followed by data or intellectual property loss. Data loss, whether the data is locked or stolen, is a top risk factor in ransomware, so it’s up to CISOs to educate other business leaders about the risks most relevant to the threat.
CISOs can use the top areas of concern to educate their C-suite on what needs the most attention, using business terms, benchmarks or comparative analysis to round out the context.
While it’s tempting to show the board the day-to-day operations and threats the SOC deals with, when speaking to the C-suite and board, CISOs need to understand:
Since last year’s increase in ransomware attacks, organizations in healthcare cited the greatest increase in communication between security and other business leaders, (ISC)² found. However, communication declined in logistics, education, and manufacturing and energy.
Gartner recommends companies engage in a continual learning process for preventing ransomware attacks, Michael Hoeck, senior director analyst at Gartner, said during the virtual Gartner Security & Risk Management Summit in November.
“You have to be able to run this scenario, you have to play through the scenario, you have to do the tabletop exercises, you have to perform the restore process,” said Hoeck. “Take a system down to the bare bones, and reconstruct it to find out how long it really takes, and see how well it matches up to what the business is expecting.” 
“A lot has to do with some capabilities you already have today, or technology that’s in place today,” when it comes to backups, said Hoeck. 
Some of the requirements of a continual learning process are keeping tabs on which applications are mission-critical, knowing the backup capabilities of a vendor and considering a secure isolated recovery environment.
C-suite executives want visibility into how security works with IT, with 38% asking for assurance that backups and restoration plans are unaffected in the event of a ransomware attack, (ISC)² found. One-third of respondents want to know what is needed to restore minimal operations following an attack, including backups, identifying priority systems, and restoring basic functions.