
The Cost of Being Unprepared

By Vigilize | Monday, April 30, 2018

A new study has identified the most profitable malware, showing just how much unprepared businesses have paid.


An article review.



Despite pleas from various experts and authorities, it looks like a significant number of organizations ultimately decide to pay the criminal organizations who have held their data hostage. That’s something that many people have probably assumed to be the case, but the MIT Technology Review recently publicized research that appears to confirm those assumptions, showing bitcoin transactions associated with known malware easily totaling in the millions of dollars.

While the article focuses mainly on the financial cost of malware and some of the effort that goes into tracking down its sources, our friend Joe Cychosz suggested a different angle when he shared the piece with us: The only reason to pay the ransom is because you failed.

In many cases it’s not just one failure; it’s a series. Take this hypothetical scenario, for example:

  • An employee, who didn’t get adequate awareness training, opens an attachment or follows a suspicious link.
  • The employee’s user access levels weren’t ever subjected to a regular review and no one noticed they had far more access than they needed.
  • The organization had nightly backups, but they were on servers not segregated in any way from the primary network.
  • The less-frequent offline backups had not been verified in a long time, and no one noticed that the tapes were unreadable.

The proper policies and procedures here could have mitigated the crisis at multiple points before it became necessary to pay a ransom… but with this hypothetical company, even a fire or flood could have wiped out their data – without giving them the chance to buy it back! There will always be new, unexpected threats out there, but having a solid set of basic policies and procedures – and enforcing them – can stop one failure from turning into a disaster.


Original article by the MIT Technology Review.

