Ransomware is Top of Mind
The article below is made possible by our Security Partner Fortinet.
Ransomware is the hottest topic of the day. Every company needs to have a solid ransomware strategy in place. This is no surprise, as Fortinet’s FortiGuard Labs reported a more than 10X increase in ransomware activity in the last year. Resiliency and response are key. The industry average is 21 days to get basic business functionality up and running. You could lose $1M a day in revenue if taken off the grid. And it takes 9 months to fully recover from a ransomware attack.
Four critical steps for any ransomware strategy.
It is essential to start with an identity and access management program, including multifactor authentication, so that you know who and what is on your network. Organizations should also compartmentalize access and use segmentation to slow and isolate an attack. And basic IT hygiene, such as patching, needs to be prioritized.
Effective strategies start from the top down:
Company executives, legal, corporate communications, and HR should all be involved in the planning and execution of a crisis-management strategy. And it needs to be in place before an attack.
Slow the attack, slow the attacker. Limiting privileged access, segmenting the network, and maintaining good cyber hygiene can buy critical time to execute crisis-management strategies and protect other systems.
Disaster recovery is not enough. Prevention tactics should also be included in recovery plans, such as quickly pivoting to executing a Continuity of Operation Plan to ensure business continuity, and creating a “clean room” that replicates infrastructure to ensure faster recovery times.
Security is Everyone’s Responsibility
One big challenge facing many organizations is getting leadership teams to make cybersecurity a priority. Security needs to be front and center because it is everyone’s responsibility.
One approach is to distribute corporate cybersecurity spend across teams, so that no single department is burdened with the cost. But such an approach must be paired with a cross-functional team made up of cyber experts, legal, IT, DevOps, and leadership team members to avoid a fractured security implementation. By sharing goals, functions, concerns, and priorities, organizations can implement an effective, unified strategy where everyone has a stake in the organization’s security, not just IT.