Managing Uncertainty Podcast - Episode # 118 - Plan Your Ransomware Attack Response Now


In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses one of the biggest threats facing businesses today: ransomware. Bryan discusses steps you can take to manage and survive ransomware attacks and crisis situations that can have deadly serious consequences to your organization’s operations, continuity, and reputation.

Related Episodes & Blog Posts

Blog Post: The Importance of Having a Crisis Communications Strategy
Blog Post: Insider Threat Webinar: The Threat Lurking inside your Organization
Episode #59: All roads lead to one – Crisis Management Framework
Episode #115: Ransomware and Backups

Episode Transcript

Hello and welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, Principal and Chief Executive here at Bryghtpath. And today I want to talk about one of the biggest threats facing businesses, small, medium, large, Fortune 50 sized organizations, and that is ransomware. And I want to emphasize the need to plan your ransomware attack response now. That there is no time to wait based on thinking about how you will manage this as a business continuity, crisis management, information security professional, as a chief security officer, or as a leader or owner of a business.

If you think about what we’ve seen in just the last six months, food manufacturing and food processing, fuel pipelines, police departments, a transportation authority, cities and counties in terms of government. Those are just some of the largest targets that have been hit with ransomware attacks in the United States so far this year in 2021. But for every ransomware story in the news that we see, there are dozens of incidents that go unnoticed, unmentioned because either the company is too small for news outlets to care, or because the organization wants to handle that situation quietly on its own and usually by paying the ransom. And ransomware is paying really good money.
In 2020, the amounts that victims paid to regain the use of their data went up more than 300%. I bet your margin didn’t climb 300%, but theirs did. So it’s not surprising that the Washington Post is now claiming that the frequency of attacks has more than doubled from 2019 to 2020. And it seems to be a case of not if a company will be hit, but when a company will be hit.

Also, the perfect storm has been created with the pandemic. The growth of remote work has really created the perfect condition for cyber attacks. Although mobile work and mobile devices have increased for more than a decade now, companies really didn’t proactively communicate the urgency of hardening home-based information security, your home network the way that we should have. Billions of homeworkers during the pandemic have provided multiple entry points through insecure home routers possibly that are still running older encryption like WPS instead of WPA2 or WPA3 and wifi networks that may not even have password protection.

Now companies can shore up home-based offices, but you also need to change the attitude towards ransomware attacks. Tactically, we often focus cybersecurity efforts around regulatory and framework compliance and those are important, NIST, CSF, HITRUST, DirectTrust, PCI, and more. These are important, but we also need to build cybersecurity capabilities to withstand a determined adversary.