It was June of 2021 when the iPhone buzzed and the CxO requested a briefing on this growing threat on the horizon. Ransomware had already been gaining traction for years.
Human behavior has been repeating itself since the beginning, and once again this “Corporate Executive” was no different.
“We need a briefing on what we need to do at ‘Our Company’ to avoid being attacked by this ransomware hacker!”
The response was immediate. “The Executive Report is ready for you now and the Executive Team whenever you all are together in the Board Room, yet when will you have just 30 minutes for our local Information Security Team to brief you today?”
Have you ever encountered a boss who had that “Deer In The Headlights” look on their face when they were asking for your assistance?
“Did you see the ‘CBS Evening News’ last evening?” they yell!
“Clop, the ransomware gang responsible for exploiting a critical security vulnerability in a popular corporate file transfer tool, has begun listing victims of the mass-hacks, including a number of U.S. banks and universities.”
For those of us who have been operating in this business for a few decades, the reaction of uninformed corporate citizens to the continuous threat vectors in our world is never going to cease.
As Digital First Responders, we then communicate a few key messages to executive management in the “C” Suite, yet not all at once!
As you will learn, you have to communicate a measured yet deliberate set of facts, continuously over the course of a week or two, for people to slowly comprehend the vast landscape of the business problem they are now in:
- Critical infrastructures are those systems and assets, whether Physical or Virtual, that are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of those matters.
- As Ransomware Attacks continue to grow, organizations need to improve their security posture to protect against an attack. Better security requires implementing appropriate security controls and ensuring that effective crisis management and employee education are in place.
- The landscape of how we work has changed. We must assess vulnerabilities in a new way and with increased due diligence.
- The cost of a cyber attack is often significant for organizations large and small, and we must strengthen responsiveness and reduce behaviors that may open vulnerabilities in the future.
- Public Private Partnerships of Critical Infrastructure organizations with CISA.gov and FBI.gov are vital to enhance our U.S. National Security.
Once you have effectively provided these top 5 bullets to your executives, then the real work shall begin:
THE RANSOMWARE CRISIS
The current ransomware crisis can be attributed to the following factors:
- History of Inaction
- New Tactics
- Rapid Technology Deployment / Innovation without Security & Resilience
- Safe Harbors for Criminals
Since you are a “Digital First Responder”, try to remember that your audience is still learning the vast and pervasive implications of what many of us have been fighting since the dawn of the Internet and our growing “Asymmetric Warfare”…