
The Cost of Being Unprepared

By Vigilize | Monday, April 30, 2018

A new study has identified the most profitable malware, showing just how much unprepared businesses have paid.


An article review.



Despite pleas from various experts and authorities, it looks like a significant number of organizations ultimately decide to pay the criminal organizations that have held their data hostage. Many people have probably assumed that to be the case, but the MIT Technology Review recently publicized research that appears to confirm those assumptions, showing bitcoin transactions associated with known malware easily totaling in the millions of dollars.

While the article focuses mainly on the financial cost of malware and some of the effort that goes into tracking down its sources, our friend Joe Cychosz suggested a different angle when he shared the piece with us: The only reason to pay the ransom is because you failed.

In many cases it’s not just one failure; it’s a series. Take this hypothetical scenario, for example:

  • An employee, who didn’t get adequate awareness training, opens an attachment or follows a suspicious link.
  • The employee’s user access levels were never subjected to a regular review, and no one noticed they had far more access than they needed.
  • The organization had nightly backups, but they were on servers not segregated in any way from the primary network.
  • The less-frequent offline backups had not been verified in a long time, and no one noticed that the tapes were unreadable.

The proper policies and procedures here could have mitigated the crisis at multiple points before it became necessary to pay a ransom. With this hypothetical company, though, even a fire or flood could have wiped out their data, without giving them the chance to buy it back! There will always be new, unexpected threats out there, but having a solid set of basic policies and procedures, and enforcing them, can stop one failure from turning into a disaster.


Original article by the MIT Technology Review.

