Ransomware is one of the most threatening malwares in the cyber industry, according to Carbonite’s Rise of Ransomware report, where 66 percent of IT professionals emphasize the seriousness of the issue, yet only 13 percent believe that they are prepared enough to prevent a ransomware attack.
Last year, cybercriminals attacked the California-based Hollywood Presbyterian Medical Center, encrypting files crucial in running the hospital’s operating systems and demanding a ransom to restore them to working order.
We have been following the same cybersecurity approach, more or less, for over a decade. Yet, most everyone agrees that the problem continues to grow worse. Perhaps we are not on the right course. Maybe we are operating on false assumptions. The following list (to be continued in next month’s column) is meant to promote a dialogue about what, in my view, are widely held cybersecurity myths.
According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team.
Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availability of your company’s most essential data, systems and services.
Thinking of building your own Global Security Operations Center? Learn from four leading enterprises about how they developed or modified their GSOCs to bring the most value to their enterprises. Also in this issue: how to attract better cybersecurity talent, healthcare data compliance, working with integrators to test security technology, the 2017 ISC West Product Preview and much more!